Control the user's real Safari browser on macOS using AppleScript and screencapture. This skill should be used when the user asks to interact with Safari, br...
Security Analysis
high confidenceThe skill's requests and runtime instructions match its stated purpose (controlling Safari via AppleScript and screenshots); it is powerful and privacy-sensitive but internally coherent with no unexplained dependencies or installs.
The name/description promise controlling Safari via AppleScript and screencapture, and the SKILL.md provides AppleScript commands, JavaScript-in-page execution, and screencapture workflows. Required resources (osascript, screencapture, swift compiler at runtime) are exactly what such a skill needs.
The instructions explicitly tell the agent to list tabs, read page content, run arbitrary JavaScript in the page context, and take screenshots. This is expected for a browser-control skill, but these actions allow access to logged-in sessions, cookies, form contents, and any visible page data — all high-sensitivity. The skill also compiles a small Swift helper to /tmp for finding Safari window IDs (writes and executes a binary in /tmp). There is no instruction to read unrelated files or environment variables.
No install spec or external downloads are present. The only runtime write/execute behavior is generating and compiling a transient Swift helper in /tmp (swiftc), which is reasonable for macOS-native tooling but worth noting because it creates an executable at runtime.
The skill declares no environment variables, no credentials, and no config paths. The permissions it asks for (Automation to control Safari, optionally Screen Recording) directly map to the functionality. There are no unrelated credential requests.
The skill is instruction-only and not always-enabled. It does allow autonomous invocation (platform default), which combined with the ability to control Safari increases blast radius: an agent could read active sessions or run JS without additional system credentials. This is expected behavior for a browser-automation skill but worth explicit user caution.
Guidance
This skill does what it says: it uses AppleScript, executes JavaScript inside pages, and captures screenshots of your real Safari session. Before installing, consider: 1) Granting Automation and Screen Recording gives the terminal/agent direct access to your open tabs, logged-in sessions, form data, and screen contents — don't enable these permissions unless you trust the agent. 2) The skill compiles and runs a small helper in /tmp at runtime; review that file if you want to audit it (it is not downloaded from the network). 3) Because the agent will receive page text and screenshots, avoid using it on pages with very sensitive information (banking, 2FA codes) or use a separate profile/incognito session for sensitive accounts. 4) Limit or review the agent's automatic approvals (approve actions interactively rather than in bulk) and revoke Automation/Screen Recording permissions when not needed. If you want extra caution, test with non-sensitive pages first.
Latest Release
v1.0.0
Initial release — control your real Safari browser on macOS via AppleScript and screencapture. Zero install.
More by @SDLLL
Published by @SDLLL on ClawHub
