Control the user's real Safari browser on macOS using AppleScript and screencapture. Read pages, click elements, type text, take screenshots, navigate tabs —...
Security Analysis
medium confidence
The skill's stated purpose (controlling Safari via AppleScript) matches its instructions, but it asks the agent to perform high‑privilege actions (arbitrary JS in user sessions, compile/run helper binaries, use Screen Recording/Automation permissions) and the package metadata omits required system binaries — the combination is coherent but proportionally risky and should be reviewed before use.
The skill claims to control the real Safari browser and the SKILL.md contains AppleScript and screencapture workflows that do exactly that (list tabs, run JS, take screenshots). However, the package metadata declares no required binaries while the instructions rely on macOS tools (osascript, screencapture, swiftc/swift) and writing a helper binary to /tmp. The omission of these required binaries in metadata is an incoherence that could mislead users and automated installers.
Instructions explicitly tell the agent to run arbitrary JavaScript in the page context and to read full page text, meta, DOM, and screenshots — which necessarily exposes cookies, session state, and any page content. It also instructs compiling and running a local Swift helper in /tmp and checking/granting Automation and Screen Recording permissions. While these steps are consistent with controlling Safari, they give the skill extremely broad access to the user's browsing session and local screen, so the runtime instructions are high‑privilege and should be treated as sensitive.
There is no install spec (instruction-only), so no remote code is fetched. However, the runtime instructions compile a local Swift helper and write binaries to /tmp during use. No external downloads are performed, which lowers supply‑chain risk, but the skill still writes and executes temporary code on the host.
The skill requests no environment variables or external credentials (which is appropriate), but it requires macOS Automation and Screen Recording permissions to function — these grant the terminal the ability to control Safari and capture screen contents. These permissions are proportionate to the stated purpose, but they are powerful and enable access to the user's logged‑in sessions and potentially sensitive data.
The skill is not marked always:true and makes no claim to modify other skills or system‑wide agent settings. Its only persistence behavior is creating a temporary helper binary in /tmp for screenshots; it does not request permanent installation or system configuration changes in the SKILL.md.
Guidance
This skill directly controls your real Safari session and can read cookies, logged‑in pages, form contents, and the screen. Before installing:
(1) Only use if you fully trust the skill author — access is powerful and privacy‑sensitive.
(2) Note the SKILL.md omits required system binaries (osascript, screencapture, swiftc); ensure those are available and review the exact commands.
(3) Expect to be asked to grant Automation (AppleEvents) and Screen Recording to your Terminal — granting these allows the skill to control Safari and capture screens.
(4) Consider not running with sensitive accounts open, or test in a separate user/profile.
(5) If you need additional assurance, request the full, untruncated SKILL.md and a code review of the helper compilation steps; ask the author to declare required binaries in metadata and to explain why arbitrary JS execution is necessary and how results are handled (where data is sent).
Latest Release
v1.0.0
Safari browser automation — control your real Safari via native AppleScript. Zero install.
Published by @SDLLL on ClawHub