Shortcuts Automator
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: openclaw-skill-shortcuts-automator Version: 1.0.0 The skill bundle provides a legitimate interface for the native macOS `shortcuts` command-line utility, allowing the agent to list, run, and manage shortcuts. The instructions in SKILL.md and README.md are consistent with the stated purpose and include appropriate security warnings regarding the potential risks of running untrusted shortcuts. No evidence of malicious logic, data exfiltration, or obfuscation was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A shortcut could modify files, send messages, control apps, or perform other actions available to the user account.
The skill instructs the agent to invoke the macOS Shortcuts CLI to run user workflows. This is the stated purpose, but shortcuts can perform broad local automation depending on their contents.
shortcuts run "Morning Routine" ... Shortcuts run with user permissions
Run only explicitly requested shortcuts you trust, and inspect unfamiliar shortcuts with `shortcuts view` or the Shortcuts app before running them.
Granting these permissions can let automation interact with apps or files that would otherwise be protected by macOS.
The documentation tells users they may need to grant macOS permissions that expand what OpenClaw or a shortcut can control. This is disclosed and purpose-aligned, but important for users to notice.
Automation Access ... Accessibility ... Full Disk Access: Some shortcuts may require this for file operations
Grant only the permissions needed for trusted shortcuts, and review or revoke them later in System Settings if they are no longer needed.
The skill may fail or behave unexpectedly outside macOS or where the Shortcuts CLI is unavailable.
The skill relies on the macOS `shortcuts` command, but the registry metadata does not declare the OS or binary requirement. This is not malicious, but it is an under-declared environment dependency.
OS restriction: none ... Required binaries: none ... No install spec — this is an instruction-only skill
Use this skill only on macOS systems with Apple Shortcuts available, and treat it as documentation for the built-in `shortcuts` CLI.