Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Safari Control
v1.0.1Use Safari directly on macOS when work must happen in the user's real Safari session instead of a separate automation browser. Best for reading the current t...
⭐ 1· 59·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name and description (control Safari, read tabs, run page JS, use native UI) align with the included Swift helper and the described CLI commands. The script uses osascript/Apple Events and accessibility APIs, which are the expected mechanisms for interacting with Safari and macOS UI.
Instruction Scope
SKILL.md explicitly instructs the agent to run the bundled Swift script and to prefer read-only inspection before mutation. It documents checking permissions, listing windows/tabs, snapshotting, and running JS inside pages. These instructions stay within the scope of manipulating and inspecting Safari; they do, however, instruct enabling 'Allow JavaScript from Apple Events' and running arbitrary JS, which is powerful and must be consciously granted by the user.
Install Mechanism
No install spec; script is included in the skill bundle and runs from source using the system Swift runtime and osascript. No external downloads or archive extraction are performed by the skill.
Credentials
The skill requests no environment variables or external credentials. It does call standard local binaries (osascript, shasum, git) which are consistent with its features (AppleScript execution, checksums, optional git metadata). It does require macOS permissions (Accessibility and 'Allow JavaScript from Apple Events'), which are necessary for the claimed functionality but grant broad access to the Safari session.
Persistence & Privilege
always:false and user-invocable:true. The skill does not request permanent platform-level inclusion. It does not modify other skills' configs. Note: once macOS Accessibility and Apple Events permissions are granted to the helper process, it gains strong capabilities to read and script the user's Safari session until those permissions are revoked.
Assessment
This skill legitimately needs macOS Accessibility and 'Allow JavaScript from Apple Events' to control Safari — those permissions let the script run AppleScript/JS inside your real browser and can read page content, cookies visible in-page, and interact with native UI. Only enable those permissions if you trust the skill and its source. Before using: (1) review the included scripts/safari_control.swift yourself (it runs osascript and may write files to disk), (2) prefer read-only commands (doctor, list-tabs, snapshot) and avoid running arbitrary run-js commands unless you understand what the JS does, (3) avoid granting permissions globally if you can test in a separate Safari profile, and (4) do not use this skill for sensitive accounts unless you trust its provenance. If you are unsure about the source, treat this as high-risk and do not enable the macOS permissions.Like a lobster shell, security has layers — review code before you run it.
automationvk97676j154qk10kjya1cr4ys9x83h9d3browservk97676j154qk10kjya1cr4ys9x83h9d3latestvk97676j154qk10kjya1cr4ys9x83h9d3macosvk97676j154qk10kjya1cr4ys9x83h9d3safarivk97676j154qk10kjya1cr4ys9x83h9d3
License
MIT-0
Free to use, modify, and redistribute. No attribution required.