Shortcuts Generator
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent uses Bash while this skill is active, it could run local commands; users should ensure any shell use is limited to expected plist conversion or validation tasks.
Write access is expected for creating plist or .shortcut files. Bash is broader than strictly necessary for documentation-based generation, but it is disclosed and the artifacts do not show hidden or automatic shell commands.
description: Generate macOS/iOS Shortcuts by creating plist files... allowed-tools: Write, Bash
Prefer file writing only where possible, and require clear user approval before running any Bash command.
A generated shortcut could perform destructive or sensitive actions if the user requests those capabilities and then imports/runs the shortcut.
The reference catalog includes Shortcuts actions that can delete data, read local data, or execute scripts inside a generated shortcut. This is coherent with a comprehensive Shortcuts generator, but generated files should be reviewed before import and execution.
`deletefile` | WFDeleteFileAction | Delete file `runshellscript` | WFRunShellScriptAction | Run shell script `runosascript` | WFRunOSAScriptAction | Run AppleScript `getclipboard` | WFGetClipboardAction | Get clipboard `deletephotos` | WFDeletePhotosAction | Delete photos
Review generated shortcut contents carefully, especially actions involving deletion, clipboard/photos/contacts/location access, network requests, shell scripts, AppleScript, messages, or system settings.