macOS Automator

Name: macOS Automator
Author: ivangdavila

Description

Automate macOS tasks by composing and executing Automator workflows through automator CLI and AppleScript control.

README (SKILL.md)

Setup

On first use, follow setup.md to capture activation behavior and safety preferences. Setup is read-only. Any local file write requires explicit user confirmation.

When to Use

User needs to automate macOS tasks with Automator workflows instead of manual UI steps. Agent handles workflow execution, workflow composition, and repeatable runbooks using official Automator interfaces.

Requirements

macOS with automator and osascript available.
Automator app installed at /System/Applications/Automator.app.
Explicit user confirmation before destructive or bulk operations.

Architecture

Memory lives in ~/automator/. See memory-template.md for structure.

~/automator/
├── memory.md                # Activation rules and safety defaults
├── workflows.md             # Known workflow paths and run arguments
├── action-catalog.md        # Verified action names and categories
└── incidents.md             # Failures and proven fixes

Quick Reference

Use these files when the task needs deeper detail.

Topic	File
Setup behavior and activation	`setup.md`
Memory structure	`memory-template.md`
Execution path matrix	`interface-matrix.md`
Workflow authoring patterns	`workflow-authoring.md`
Write safety gates	`execution-guardrails.md`
Debug and recovery	`troubleshooting.md`

Data Storage

All local skill data stays in ~/automator/. Before creating or changing local files, state the write scope and ask for confirmation.

External Endpoints

Endpoint	Data Sent	Purpose
None	None	This skill uses local macOS interfaces only

No other data is sent externally.

Core Rules

1. Pick Interface by Intent, Not Convenience

For running an existing .workflow, use automator CLI first.
For composing or inspecting workflow internals, use Automator AppleScript commands from workflow-authoring.md.
Only use shortcuts fallback if user explicitly asks for Shortcuts conversion.

2. Validate Workflow Identity Before Execution

Require absolute workflow path and verify it exists.
Confirm type (.workflow) and target operation (read, write, destructive).
If the workflow path is ambiguous, stop and ask one clarifying question.

3. Enforce Read-Before-Write for Workflow Changes

Before editing, inspect current action list and settings.
Apply one mutation at a time and re-read state after each mutation.
Never batch-edit unknown actions in a single pass.

4. Parameterize Inputs with Explicit Boundaries

Use automator -i or -D name=value only with validated inputs.
Reject unbounded stdin streams for write workflows.
Echo resolved parameters before run so the user can verify intent.

5. Require Two-Step Confirmation for Destructive Runs

Use execution-guardrails.md before delete, reset, or mass-change paths.
Ask for explicit confirmation that includes target and scope.
If confirmation is missing, do not run the workflow.

6. Keep Runs Observable and Reproducible

Prefer verbose mode (-v) for first execution or after failure.
Record command, input source, and result in concise run notes.
Return actionable output, not only "completed" status.

7. Recover with Concrete Next Actions

On failure, classify as path, permission, action mismatch, or runtime data error.
Provide the next command to run, not generic retry advice.
Persist only reusable fix patterns into local memory.

Automator Traps

Running relative paths from unknown working directories -> workflow not found.
Guessing action names without dictionary inspection -> compile succeeds, runtime fails.
Feeding multiline stdin into write workflows without boundaries -> unintended bulk edits.
Mixing Automator and Shortcuts assumptions in one run -> incompatible action model.
Treating permission prompts as transient errors -> repeated blocked execution.

Security & Privacy

Data that stays local:

Workflow paths, verified action names, and run diagnostics in ~/automator/.
Command output required to complete the requested automation task.

Data that leaves your machine:

None by default.

This skill does NOT:

Access credentials outside the workflow request scope.
Send workflow content to third-party services.
Execute destructive automation without explicit confirmation.

Related Skills

Install with clawhub install \x3Cslug> if user confirms:

applescript - Script app automation with robust quoting and pre-read checks.
automate - Design reliable multi-step automation workflows.
macos - Use macOS command-line and system operation patterns.
workflow - Structure repeatable workflows and handoff checkpoints.

Feedback

If useful: clawhub star automator
Stay updated: clawhub sync

Usage Guidance

This skill appears coherent with its purpose, but before enabling it: (1) verify you trust the skill source, (2) be prepared to grant macOS Automation permissions for Automator/osascript when prompted, (3) review any workflow files and absolute paths the agent proposes to run or edit (do not run unknown/destructive workflows), (4) allow the skill to create ~/automator/ only if you accept local storage of preferences and run logs, and (5) keep destructive operations gated by the two-step confirmations the skill requires. If you want extra caution, run in verbose/read-only mode first and back up important files before permitting write or destructive workflows.

Capability Analysis

Type: OpenClaw Skill Name: automator Version: 1.0.0 The skill is classified as benign. All files consistently emphasize safety, user confirmation for write/destructive operations, and local data storage. The `SKILL.md` explicitly states 'No other data is sent externally' and 'This skill does NOT: Access credentials outside the workflow request scope. Send workflow content to third-party services. Execute destructive automation without explicit confirmation.' The instructions for the AI agent in `SKILL.md`, `execution-guardrails.md`, and `setup.md` are designed to ensure transparent, controlled, and reversible automation, mitigating potential risks associated with powerful macOS tools like `automator` and `osascript`.

Capability Assessment

✓ Purpose & Capability

Name/description match required binaries (automator, osascript) and macOS Automator app path checks. Requested artifacts (workflow paths, local memory under ~/automator/) are appropriate and proportional to the stated goal of composing and running Automator workflows.

✓ Instruction Scope

Runtime instructions are limited to local Automator interfaces (automator CLI and AppleScript via osascript). The SKILL.md explicitly requires absolute paths, read-before-write checks, and two-step confirmations for destructive runs. The skill does propose writing a small local memory directory (~/automator/) but states writes require explicit user confirmation.

✓ Install Mechanism

Instruction-only skill with no install spec and no downloaded code. No archives or external packages are pulled in, which minimizes disk-write and supply-chain risk.

✓ Credentials

No environment variables, credentials, or unrelated config paths are requested. The only filesystem interaction is a local ~/automator/ directory for optional memory and confirmed workflow edits, which aligns with the skill's purpose.

✓ Persistence & Privilege

always:false and user-invocable; the skill will persist small local state in ~/automator/ when the user permits. It does not request system-wide config changes or other skills' credentials. AppleScript/Automator runs do require macOS automation/privacy permissions, which is expected for this functionality.

Version History

v1.0.0

Initial release with Automator CLI execution paths, AppleScript authoring patterns, and safety-first write controls.

Metadata

Slug automator

Version 1.0.0

License —

All-time Installs 2

Active Installs 2

Total Versions 1

Frequently Asked Questions

What is macOS Automator?

Automate macOS tasks by composing and executing Automator workflows through automator CLI and AppleScript control. It is an AI Agent Skill for Claude Code / OpenClaw, with 508 downloads so far.

How do I install macOS Automator?

Run "/install automator" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is macOS Automator free?

Yes, macOS Automator is completely free (open-source). You can download, install and use it at no cost.

Which platforms does macOS Automator support?

macOS Automator is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin).

Who created macOS Automator?

It is built and maintained by Iván (@ivangdavila); the current version is v1.0.0.

More Skills