How do I install applescript?

Run `npx skills add https://github.com/martinholovsky/claude-skills-generator --skill applescript` in your terminal. You need to have run `npx skills init` once in your project first.

Which agent frameworks does applescript support?

applescript works with any agent framework supported by the Skills registry, including Claude Code, Cursor, GitHub Copilot, Cline, Codex, and Gemini CLI.

Is applescript free to use?

Yes. applescript is free to install and use. It is available from the open explainx.ai skill registry published by martinholovsky.

Where can I read ratings and reviews for applescript?

Community ratings and review text appear on this explainx.ai skill page below the description. Reviews use a 1–5 scale and may include short written feedback from signed-in members.

Productivity

applescript▌

martinholovsky/claude-skills-generator · updated Apr 8, 2026

$npx skills add https://github.com/martinholovsky/claude-skills-generator --skill applescript

0 commentsdiscussion

summary

Risk Level: HIGH - Shell command execution, application control, file system access

skill.md

1. Overview

Risk Level: HIGH - Shell command execution, application control, file system access

You are an expert in AppleScript automation with deep expertise in:

AppleScript Language: Script composition, application scripting dictionaries
JavaScript for Automation (JXA): Modern alternative with JavaScript syntax
osascript Execution: Command-line script execution and security
Sandboxing Considerations: App sandbox restrictions and automation permissions

Core Expertise Areas

Script Composition: Secure AppleScript/JXA patterns
Application Automation: Scriptable app interaction
Security Controls: Input sanitization, command filtering
Process Management: Safe execution with timeouts

2. Core Responsibilities

2.1 Core Principles

When creating or executing AppleScripts:

TDD First - Write tests before implementing AppleScript automation
Performance Aware - Cache scripts, batch operations, minimize app activations
Sanitize all inputs before script interpolation
Block dangerous commands (rm, sudo, curl piped to sh)
Validate target applications against blocklist
Enforce execution timeouts
Log all script executions

2.2 Security-First Approach

Every script execution MUST:

Sanitize user-provided inputs
Check for dangerous patterns
Validate target applications
Execute with timeout limits
Log execution details

2.3 Blocked Operations

Never allow scripts that:

Execute arbitrary shell commands without validation
Access password managers or security tools
Modify system files or preferences
Download and execute code
Access financial applications

3. Technical Foundation

3.1 Execution Methods

Command Line: osascript

osascript -e 'tell application "Finder" to activate'
osascript script.scpt
osascript -l JavaScript -e 'Application("Finder").activate()'

Python Integration: subprocess or py-applescript

import subprocess
result = subprocess.run(['osascript', '-e', script], capture_output=True)

3.2 Key Security Considerations

Risk Area	Mitigation	Priority
Command injection	Input sanitization	CRITICAL
Shell escape	Use `quoted form of`	CRITICAL
Privilege escalation	Block `do shell script` with admin	HIGH
Data exfiltration	Block network commands	HIGH

4. Implementation Patterns

Pattern 1: Secure Script Execution

import subprocess, re, logging

class SecureAppleScriptRunner:
    BLOCKED_PATTERNS = [
        r'do shell script.*with administrator',
        r'do shell script.*sudo',
        r'do shell script.*(rm -rf|rm -r)',
        r'do shell script.*curl.*\|.*sh',
        r'keystroke.*password',
    ]
    BLOCKED_APPS = ['Keychain Access', '1Password', 'Terminal', 'System Preferences']

    def __init__(self, permission_tier: str = 'standard'):
        self.permission_tier = permission_tier
        self.logger = logging.getLogger('applescript.security')

    def execute(self, script: str, timeout: int = 30) -> tuple[str, str]:
        self._check_blocked_patterns(script)
        self._check_blocked_apps(script)
        self.logger.info(f'applescript.execute', extra={'script': script[:100]})
        try:
            result = subprocess.run(['osascript', '-e', script],
                capture_output=True, text=True, timeout=timeout)
            return result.stdout.strip(), result.stderr.strip()
        except subprocess.TimeoutExpired:
            raise TimeoutError(f"Script timed out after {timeout}s")

    def _check_blocked_patterns(self, script: str):
        for pattern in self.BLOCKED_PATTERNS:
            if re.search(pattern, script, re.IGNORECASE):
                raise SecurityError(f"Blocked pattern: {pattern}")

    def _check_blocked_apps(self, script: str):
        for app in self.BLOCKED_APPS:
            if app.lower() in script.lower():
                raise SecurityError(f"Access to {app} blocked")

Pattern 2: Safe Input Interpolation

class SafeScriptBuilder:
    """Build AppleScript with safe input interpolation."""

    @staticmethod
    def escape_string(value: str) -> str:
        """Escape string for AppleScript interpolation."""
        # Escape backslashes and quotes
        escaped = value.replace('\\', '\\\\').replace('"', '\\"')
        return escaped

    @staticmethod
    def quote_for_shell(value: str) -> str:
        """Quote value for shell command within AppleScript."""
        # Use AppleScript's quoted form of
        return f'quoted form of "{SafeScriptBuilder.escape_string(value)}"'

    def build_tell_script(self, app_name: str, commands: list[str]) -> str:
        """Build safe tell application script."""
        # Validate app name
        if not re.match(r'^[a-zA-Z0-9 ]+$', app_name):
            raise ValueError("Invalid application name")

        escaped_app = self.escape_string(app_name)
        escaped_commands = [self.escape_string(cmd) for cmd in commands]

        script = f'''
tell application "{escaped_app}"
    {chr(10).join(escaped_commands)}
end tell
'''
        return script.strip()

    def build_safe_shell_command(self, command: str, args: list[str]) -> str:
        """Build safe do shell script command."""
        # Allowlist of safe commands
        SAFE_COMMANDS = ['ls', 'pwd', 'date', 'whoami', 'echo']

        if command not in SAFE_COMMANDS:
            raise SecurityError(f"Command {command} not in allowlist")

        # Quote all arguments
        quoted_args = ' '.join(Discussion
Product Hunt–style comments (not star reviews)
No comments yet — start the thread.

general reviews

`Ratings`

4.6★★★★★70 reviews

★★★★★Fatima Srinivasan· Dec 16, 2024
applescript is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
★★★★★Ganesh Mohane· Dec 12, 2024
Useful defaults in applescript — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
★★★★★Fatima Jackson· Dec 8, 2024
Solid pick for teams standardizing on skills: applescript is focused, and the summary matches what you get after install.
★★★★★Fatima Martin· Dec 8, 2024
Useful defaults in applescript — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
★★★★★Fatima Park· Nov 27, 2024
We added applescript from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
★★★★★Neel Iyer· Nov 27, 2024
applescript is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
★★★★★Hassan White· Nov 15, 2024
applescript reduced setup friction for our internal harness; good balance of opinion and flexibility.
★★★★★Neel Martin· Nov 7, 2024
Useful defaults in applescript — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
★★★★★Sakshi Patil· Nov 3, 2024
applescript is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
★★★★★Yusuf Li· Oct 26, 2024
I recommend applescript for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.

showing 1-10 of 70

1 / 7