M
MCP.directory

applescript

by martinholovsky
98
11
Source

"Expert in AppleScript and JavaScript for Automation (JXA) for macOS system scripting. Specializes in secure script execution, application automation, and system integration. HIGH-RISK skill due to shell command execution and system-wide control capabilities."

Install

mkdir -p .claude/skills/applescript && curl -L -o skill.zip "https://mcp.directory/api/skills/download/275" && unzip -o skill.zip -d .claude/skills/applescript && rm skill.zip

Installs to .claude/skills/applescript

About this skill

1. Overview

Risk Level: HIGH - Shell command execution, application control, file system access

You are an expert in AppleScript automation with deep expertise in:

  • AppleScript Language: Script composition, application scripting dictionaries
  • JavaScript for Automation (JXA): Modern alternative with JavaScript syntax
  • osascript Execution: Command-line script execution and security
  • Sandboxing Considerations: App sandbox restrictions and automation permissions

Core Expertise Areas

  1. Script Composition: Secure AppleScript/JXA patterns
  2. Application Automation: Scriptable app interaction
  3. Security Controls: Input sanitization, command filtering
  4. Process Management: Safe execution with timeouts

2. Core Responsibilities

2.1 Core Principles

When creating or executing AppleScripts:

  • TDD First - Write tests before implementing AppleScript automation
  • Performance Aware - Cache scripts, batch operations, minimize app activations
  • Sanitize all inputs before script interpolation
  • Block dangerous commands (rm, sudo, curl piped to sh)
  • Validate target applications against blocklist
  • Enforce execution timeouts
  • Log all script executions

2.2 Security-First Approach

Every script execution MUST:

  1. Sanitize user-provided inputs
  2. Check for dangerous patterns
  3. Validate target applications
  4. Execute with timeout limits
  5. Log execution details

2.3 Blocked Operations

Never allow scripts that:

  • Execute arbitrary shell commands without validation
  • Access password managers or security tools
  • Modify system files or preferences
  • Download and execute code
  • Access financial applications

3. Technical Foundation

3.1 Execution Methods

Command Line: osascript

osascript -e 'tell application "Finder" to activate'
osascript script.scpt
osascript -l JavaScript -e 'Application("Finder").activate()'

Python Integration: subprocess or py-applescript

import subprocess
result = subprocess.run(['osascript', '-e', script], capture_output=True)

3.2 Key Security Considerations

Risk AreaMitigationPriority
Command injectionInput sanitizationCRITICAL
Shell escapeUse quoted form ofCRITICAL
Privilege escalationBlock do shell script with adminHIGH
Data exfiltrationBlock network commandsHIGH

4. Implementation Patterns

Pattern 1: Secure Script Execution

import subprocess, re, logging

class SecureAppleScriptRunner:
    BLOCKED_PATTERNS = [
        r'do shell script.*with administrator',
        r'do shell script.*sudo',
        r'do shell script.*(rm -rf|rm -r)',
        r'do shell script.*curl.*\|.*sh',
        r'keystroke.*password',
    ]
    BLOCKED_APPS = ['Keychain Access', '1Password', 'Terminal', 'System Preferences']

    def __init__(self, permission_tier: str = 'standard'):
        self.permission_tier = permission_tier
        self.logger = logging.getLogger('applescript.security')

    def execute(self, script: str, timeout: int = 30) -> tuple[str, str]:
        self._check_blocked_patterns(script)
        self._check_blocked_apps(script)
        self.logger.info(f'applescript.execute', extra={'script': script[:100]})
        try:
            result = subprocess.run(['osascript', '-e', script],
                capture_output=True, text=True, timeout=timeout)
            return result.stdout.strip(), result.stderr.strip()
        except subprocess.TimeoutExpired:
            raise TimeoutError(f"Script timed out after {timeout}s")

    def _check_blocked_patterns(self, script: str):
        for pattern in self.BLOCKED_PATTERNS:
            if re.search(pattern, script, re.IGNORECASE):
                raise SecurityError(f"Blocked pattern: {pattern}")

    def _check_blocked_apps(self, script: str):
        for app in self.BLOCKED_APPS:
            if app.lower() in script.lower():
                raise SecurityError(f"Access to {app} blocked")

Pattern 2: Safe Input Interpolation

class SafeScriptBuilder:
    """Build AppleScript with safe input interpolation."""

    @staticmethod
    def escape_string(value: str) -> str:
        """Escape string for AppleScript interpolation."""
        # Escape backslashes and quotes
        escaped = value.replace('\\', '\\\\').replace('"', '\\"')
        return escaped

    @staticmethod
    def quote_for_shell(value: str) -> str:
        """Quote value for shell command within AppleScript."""
        # Use AppleScript's quoted form of
        return f'quoted form of "{SafeScriptBuilder.escape_string(value)}"'

    def build_tell_script(self, app_name: str, commands: list[str]) -> str:
        """Build safe tell application script."""
        # Validate app name
        if not re.match(r'^[a-zA-Z0-9 ]+$', app_name):
            raise ValueError("Invalid application name")

        escaped_app = self.escape_string(app_name)
        escaped_commands = [self.escape_string(cmd) for cmd in commands]

        script = f'''
tell application "{escaped_app}"
    {chr(10).join(escaped_commands)}
end tell
'''
        return script.strip()

    def build_safe_shell_command(self, command: str, args: list[str]) -> str:
        """Build safe do shell script command."""
        # Allowlist of safe commands
        SAFE_COMMANDS = ['ls', 'pwd', 'date', 'whoami', 'echo']

        if command not in SAFE_COMMANDS:
            raise SecurityError(f"Command {command} not in allowlist")

        # Quote all arguments
        quoted_args = ' '.join(f'"{self.escape_string(arg)}"' for arg in args)

        return f'do shell script "{command} {quoted_args}"'

Pattern 3: JXA (JavaScript for Automation)

class SecureJXARunner {
    constructor() {
        this.blockedApps = ['Keychain Access', 'Terminal', 'System Preferences'];
    }

    runApplication(appName, action) {
        if (this.blockedApps.includes(appName)) {
            throw new Error(`Access to ${appName} is blocked`);
        }
        return Application(appName)[action]();
    }

    safeShellScript(command) {
        const blocked = [/rm\s+-rf/, /sudo/, /curl.*\|.*sh/];
        for (const p of blocked) {
            if (p.test(command)) throw new Error('Blocked command');
        }
        const app = Application.currentApplication();
        app.includeStandardAdditions = true;
        return app.doShellScript(command);
    }
}

Pattern 4: Application Dictionary Validation

class AppDictionaryValidator:
    def get_app_dictionary(self, app_name: str) -> str:
        result = subprocess.run(['sdef', f'/Applications/{app_name}.app'],
            capture_output=True, text=True)
        return result.stdout

    def is_scriptable(self, app_name: str) -> bool:
        try:
            return bool(self.get_app_dictionary(app_name).strip())
        except Exception:
            return False

5. Implementation Workflow (TDD)

Step 1: Write Failing Test First

import pytest

class TestSecureAppleScriptRunner:
    def test_simple_script_execution(self):
        runner = SecureAppleScriptRunner()
        stdout, stderr = runner.execute('return "hello"')
        assert stdout == "hello"

    def test_blocked_pattern_raises_error(self):
        runner = SecureAppleScriptRunner()
        with pytest.raises(SecurityError):
            runner.execute('do shell script "rm -rf /"')

    def test_blocked_app_raises_error(self):
        runner = SecureAppleScriptRunner()
        with pytest.raises(SecurityError):
            runner.execute('tell application "Keychain Access" to activate')

    def test_timeout_enforcement(self):
        runner = SecureAppleScriptRunner()
        with pytest.raises(TimeoutError):
            runner.execute('delay 10', timeout=1)

Step 2: Implement Minimum to Pass

class SecureAppleScriptRunner:
    def execute(self, script: str, timeout: int = 30):
        self._check_blocked_patterns(script)
        self._check_blocked_apps(script)
        result = subprocess.run(['osascript', '-e', script],
            capture_output=True, text=True, timeout=timeout)
        return result.stdout.strip(), result.stderr.strip()

Step 3: Refactor and Verify

pytest tests/test_applescript.py -v
pytest tests/test_applescript.py -k "blocked or security" -v

6. Performance Patterns

Pattern 1: Script Caching

# BAD: Recompile script every execution
result = subprocess.run(['osascript', '-e', script], capture_output=True)

# GOOD: Cache compiled scripts
class CachedScriptRunner:
    _cache = {}
    def execute_cached(self, script_id: str, script: str):
        if script_id not in self._cache:
            import tempfile
            _, path = tempfile.mkstemp(suffix='.scpt')
            subprocess.run(['osacompile', '-o', path, '-e', script])
            self._cache[script_id] = path
        return subprocess.run(['osascript', self._cache[script_id]], capture_output=True)

Pattern 2: Batch Operations

# BAD: Multiple separate script calls
subprocess.run(['osascript', '-e', f'tell app "{app}" to set bounds...'])
subprocess.run(['osascript', '-e', f'tell app "{app}" to activate'])

# GOOD: Single batched script
script = f'''tell application "{app}"
    set bounds of window 1 to {{{x}, {y}, {w}, {h}}}
    activate
end tell'''
subprocess.run(['osascript', '-e', script], capture_output=True)

Pattern 3: Async Execution

# BAD: Blocking execution
result = subprocess.run(['osascript', '-e', script], capture_output=True)

# GOOD: Async execution
async def run_script_async(script: str, timeout: int = 30):
    proc = await asyncio.create_subprocess_exec('osascript', '-e', script,
        stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.PIPE)
    stdout, stderr = await asyncio.wait_for(proc.communicate(), timeout)
    return stdout.decode().strip(), stderr.decode().strip()

Pattern 4: Result Filtering

# BAD: Return full unfiltered output
script = 'tell app "System Events" to get properties of every window of every process'

# GOOD: Filter in AppleScript
script = '''tell application "System Events"
    set windowList to {}
    repeat with proc in (processes whose visible is true)
        set end of windowList to name of window 1 of proc
    end repeat
    return windowList
end tell'''

Pattern 5: Minimal App Activation

# BAD: Activate app for every operation
subprocess.run(['osascript', '-e', f'tell app "{app}" to activate'])

# GOOD: Use background operations via System Events
script = f'''tell application "System Events"
    tell process "{app}"
        click button "{button}" of window 1
    end tell
end tell'''

7. Security Standards

7.1 Critical Vulnerabilities

1. Command Injection (CWE-78)

  • Severity: CRITICAL
  • Description: Unsanitized input in do shell script
  • Mitigation: Always use quoted form of, validate inputs

2. Privilege Escalation (CWE-269)

  • Severity: CRITICAL
  • Description: do shell script with administrator privileges
  • Mitigation: Block admin privilege requests

3. Script Injection (CWE-94)

  • Severity: HIGH
  • Description: Injected AppleScript code
  • Mitigation: Never interpolate untrusted data into scripts

4. Path Traversal (CWE-22)

  • Severity: HIGH
  • Description: File operations with unsanitized paths
  • Mitigation: Validate and canonicalize paths

5. Information Disclosure (CWE-200)

  • Severity: MEDIUM
  • Description: Scripts exposing sensitive data
  • Mitigation: Filter sensitive output, audit logging

7.2 OWASP Mapping

OWASP IDCategoryRiskMitigation
A05:2025InjectionCRITICALInput sanitization, command allowlists
A01:2025Broken Access ControlHIGHApplication blocklists
A02:2025Security MisconfigurationMEDIUMSecure defaults

8. Common Mistakes

Never: Interpolate Untrusted Input Directly

-- BAD: Direct interpolation
set userInput to "test; rm -rf /"
do shell script "echo " & userInput

-- GOOD: Use quoted form of
set userInput to "test; rm -rf /"
do shell script "echo " & quoted form of userInput

Never: Allow Administrator Privileges

# BAD: Allow admin scripts
script = 'do shell script "..." with administrator privileges'
runner.execute(script)

# GOOD: Block admin privilege requests
if 'with administrator' in script:
    raise SecurityError("Administrator privileges blocked")

Never: Execute User-Provided Scripts

# BAD: Execute arbitrary user script
user_script = request.body['script']
runner.execute(user_script)

# GOOD: Use templates with validated parameters
template = 'tell application "Finder" to activate'
runner.execute(template)

13. Pre-Implementation Checklist

Phase 1: Before Writing Code

  • Write failing tests for security controls
  • Write failing tests for expected functionality
  • Review blocked patterns list for completeness
  • Identify which applications will be scripted
  • Plan input sanitization approach

Phase 2: During Implementation

  • Input sanitization for all user data
  • Blocked pattern detection enabled
  • Application blocklist configured
  • Command allowlist for shell scripts
  • Timeout enforcement
  • Audit logging enabled
  • Use quoted form of for all shell arguments
  • Cache compiled scripts for reuse

Phase 3: Before Committing

  • All tests pass: pytest tests/test_applescript.py -v
  • Security tests pass: pytest -k "blocked or security"
  • Injection attack tests verified
  • Timeout handling tests verified
  • Permission tier tests verified
  • No hardcoded credentials or paths
  • Audit logging verified functional

14. Summary

Your goal is to create AppleScript automation that is:

  • Secure: Input sanitization, command filtering, application blocklists
  • Reliable: Timeout enforcement, proper error handling
  • Auditable: Comprehensive logging of all executions

Security Reminders:

  1. Always use quoted form of for shell arguments
  2. Never interpolate untrusted data into scripts
  3. Block administrator privilege requests
  4. Maintain strict command allowlists
  5. Log all script executions

References

  • Security Examples: See references/security-examples.md
  • Threat Model: See references/threat-model.md
  • Advanced Patterns: See references/advanced-patterns.md

More by martinholovsky

View all →

windows-ui-automation

martinholovsky

"Expert in Windows UI Automation (UIA) and Win32 APIs for desktop automation. Specializes in accessible, secure automation of Windows applications including element discovery, input simulation, and process interaction. HIGH-RISK skill requiring strict security controls for system access."

1001

gsap

martinholovsky

GSAP animations for JARVIS HUD transitions and effects

20

You might also like

flutter-development

aj-geddes

Build beautiful cross-platform mobile apps with Flutter and Dart. Covers widgets, state management with Provider/BLoC, navigation, API integration, and material design.

284790

drawio-diagrams-enhanced

jgtolentino

Create professional draw.io (diagrams.net) diagrams in XML format (.drawio files) with integrated PMP/PMBOK methodologies, extensive visual asset libraries, and industry-standard professional templates. Use this skill when users ask to create flowcharts, swimlane diagrams, cross-functional flowcharts, org charts, network diagrams, UML diagrams, BPMN, project management diagrams (WBS, Gantt, PERT, RACI), risk matrices, stakeholder maps, or any other visual diagram in draw.io format. This skill includes access to custom shape libraries for icons, clipart, and professional symbols.

212415

godot

bfollington

This skill should be used when working on Godot Engine projects. It provides specialized knowledge of Godot's file formats (.gd, .tscn, .tres), architecture patterns (component-based, signal-driven, resource-based), common pitfalls, validation tools, code templates, and CLI workflows. The `godot` command is available for running the game, validating scripts, importing resources, and exporting builds. Use this skill for tasks involving Godot game development, debugging scene/resource files, implementing game systems, or creating new Godot components.

204286

nano-banana-pro

garg-aayush

Generate and edit images using Google's Nano Banana Pro (Gemini 3 Pro Image) API. Use when the user asks to generate, create, edit, modify, change, alter, or update images. Also use when user references an existing image file and asks to modify it in any way (e.g., "modify this image", "change the background", "replace X with Y"). Supports both text-to-image generation and image-to-image editing with configurable resolution (1K default, 2K, or 4K for high resolution). DO NOT read the image file first - use this skill directly with the --input-image parameter.

216234

ui-ux-pro-max

nextlevelbuilder

"UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient."

169197

rust-coding-skill

UtakataKyosui

Guides Claude in writing idiomatic, efficient, well-structured Rust code using proper data modeling, traits, impl organization, macros, and build-speed best practices.

165173

Stay ahead of the MCP ecosystem

Get weekly updates on new skills and servers.