applescript-mcp

An MCP server for macOS that exposes AppleScript-driven actions (calendar, clipboard, Finder, notifications, system controls, iTerm, Shortcuts, Mail, Messages, Notes, and Pages) to LLM/MCP clients via tool calls over stdio.

Evaluated Mar 30, 2026 (21d ago)

Repo ↗ Automation mcp macos applescript automation tool-server productivity

⚙ Agent Friendliness

/ 100

Can an agent use this?

🔒 Security

/ 100

Is it safe for agents?

⚡ Reliability

/ 100

Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality

Documentation

Error Messages

Auth Simplicity

Rate Limits

🔒 Security

TLS Enforcement

100

Auth Strength

Scope Granularity

Dep. Hygiene

Secret Handling

No network auth/TLS surface is described because it is a local stdio MCP server. Security largely relies on macOS privacy/automation permissions. The tool set includes high-impact actions (launch/quit apps, sending notifications/messages, manipulating calendar/notes), so least-privilege OS permissioning and careful agent prompting/auditing are important.

⚡ Reliability

Uptime/SLA

Version Stability

Breaking Changes

Error Recovery

Best When

You need local, user-approved macOS automation from an MCP-capable agent to perform interactive productivity tasks.

Avoid When

You need a network API with fine-grained auth/rate limiting or strong reliability guarantees for repeated/transactional operations.

Use Cases

• Let an LLM control macOS apps and system features (volume, dark mode, launch/quit apps)
• Perform personal information management tasks (calendar events/reminders, notes, Pages documents)
• Automate communications workflows (compose/read mail and messages via Mail.app and Messages.app)
• Integrate clipboard and Finder operations into assistant-driven workflows
• Trigger macOS automation via Shortcuts

Not For

• Security-sensitive automation without proper OS permission scoping and auditing
• Remote multi-tenant services (it is designed for local/macOS interaction)
• Environments that cannot grant Apple Automation permissions (Automation/Scripting, Full Disk Access, etc.)
• Use cases requiring robust programmatic idempotency guarantees or strong transactional semantics

Interface

REST API

GraphQL

gRPC

MCP Server

Yes

SDK

Webhooks

Authentication

Methods: stdio transport (MCP server), no network API authentication described

OAuth: No Scopes: No

No explicit auth mechanism is described in the README. Access control is likely enforced by OS permissions (Automation/Full Disk Access, etc.) and the fact it runs locally as a user process.

Pricing

Free tier: No

Requires CC: No

Repository is open source (MIT) and the README does not describe any hosted pricing.

Agent Metadata

Pagination

none

Idempotent

False

Retry Guidance

Not documented

Known Gotchas

⚠ Apple Automation permission prompts may be required (Automation/Scripting permissions; some features mention Full Disk Access).
⚠ Some actions (e.g., Messages/Mail) may fail depending on OS privacy permissions and app states.
⚠ Retrying side-effecting actions (create/send) without idempotency can create duplicates.

Alternatives

Other MCP servers for desktop automation (e.g., browser/OS automation bridges) Local scripts callable via your own wrapper (AppleScript/osascript with a custom MCP layer) RPA tools with dedicated connectors (for non-LLM automation pipelines)

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for applescript-mcp.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo

API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-30.