Safari Browser Control
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is transparent about controlling Safari, but it gives the agent broad access to your real logged-in browser session with no clear action limits.
Install only if you intentionally want an agent to operate your real Safari browser. Treat it like granting someone remote control of your logged-in browser: supervise actions, require confirmation before writes or submissions, avoid sensitive accounts, and consider using a separate Safari profile or revoking macOS permissions after use.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent makes a mistake or follows unsafe page content, it could click, type, submit forms, or navigate inside accounts where you are already logged in.
This grants the agent broad browser read and write authority in the user's live Safari session, including actions that could affect logged-in accounts.
Read pages, click elements, type text, take screenshots, navigate tabs — all through the user's actual browser session with their cookies and logins.
Use only with explicit user confirmation for clicks, typing, form submissions, purchases, account changes, downloads, and navigation to sensitive sites; prefer a separate browser profile or throwaway session.
The agent may be able to read private account pages or act as you on websites that are already logged in.
The skill explicitly relies on the user's existing authenticated Safari session, which means actions are performed with the user's account privileges.
This provides full access to the user's actual browser session — including login state, cookies, and open tabs — without any extensions or additional software.
Grant Safari Automation permissions only if you trust the workflow, avoid using it on banking/admin/healthcare or other sensitive sessions, and revoke permissions when finished.
The skill may create a temporary local executable and may require tools or permissions not declared in the registry metadata.
The screenshot workflow writes and compiles a local Swift helper under /tmp. This appears purpose-aligned for identifying the Safari window, but it is not reflected in the install requirements.
# Compile the helper once per session (if not already compiled) if [ ! -f /tmp/safari_wid ]; then cat > /tmp/safari_wid.swift << 'SWIFT'
Review the helper before running it, remove temporary /tmp/safari_wid files if desired, and ensure the publisher declares macOS and required local tools clearly.