Claude for Safari

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is coherent for Safari automation, but it gives the agent broad control over your real logged-in Safari session with limited scoping safeguards in the artifacts.

Install only if you want an agent to control your real Safari browser. Before using it, close private or sensitive tabs, avoid active banking/work/admin sessions, and require explicit approval before the agent runs JavaScript, fills forms, submits anything, posts content, deletes data, or changes account settings.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may be able to read or interact with websites where you are already signed in, potentially affecting personal, financial, work, or social accounts.

Why it was flagged

The skill explicitly uses the user's real Safari session, which can let the agent act within logged-in websites and view private tabs or account data.

Skill content

This provides full access to the user's actual browser session — including login state, cookies, and open tabs

Recommendation

Use only for explicit browser tasks, review each action carefully, and avoid granting access while sensitive accounts or private tabs are open.

What this means

A mistaken or over-broad instruction could cause the agent to interact with web pages in ways you did not intend, including submitting forms or changing account data.

Why it was flagged

Arbitrary JavaScript in the active page is a broad escape-hatch capability that can read page content, click controls, fill forms, or trigger account-changing actions.

Skill content

Run arbitrary JavaScript in the page context and get the return value

Recommendation

Require explicit confirmation before JavaScript execution, form submission, purchases, account changes, posts, deletes, or actions on sensitive sites.

What this means

The agent will run local macOS automation commands as part of normal use.

Why it was flagged

The skill relies on local command execution to drive Safari and capture screenshots; this is central to the stated purpose and is disclosed.

Skill content

Operate the user's real Safari browser on macOS via AppleScript (`osascript`) and `screencapture`

Recommendation

Only approve commands you understand, and make sure they are limited to Safari automation for the task you requested.

What this means

Users on unsupported systems may get failures, and users may not see all required local permissions and tools from metadata alone.

Why it was flagged

The registry metadata does not declare the macOS-only environment or the local tools described in the README/SKILL, which may make the permission and runtime requirements less visible before installation.

Skill content

OS restriction: none; Required binaries (all must exist): none; No install spec — this is an instruction-only skill.

Recommendation

Treat the README and SKILL instructions as the authoritative setup requirements, and install only if you are comfortable granting Safari Automation and optional Screen Recording access.