Shortcuts Scanner

Inspect, Analyze & Download Apple Shortcuts from iCloud with AI-Powered Security Scanning Shortcuts Scanner is a free, open-source Chrome extension that lets you inspect and analyze Apple Shortcuts directly from iCloud.com before installing them. See exactly what actions are performed, identify potential security risks, and export in multiple formats—all without leaving your browser. 🔍 WHY YOU NEED THIS Before installing from iCloud, wouldn't you like to know: - What actions does it actually perform? - Does it access your clipboard, files, or personal data? - Does it make network calls to external servers? - Are there any hidden or suspicious behaviors? - Is it safe to trust? This extension provides complete transparency into any publicly shared item on iCloud. 🎯 PERFECT FOR - Security researchers analyzing automation behavior - Developers debugging and inspecting their creations - Power users who want to verify items before installation - Anyone concerned about privacy and security - iOS and Mac users who frequently use automation - Developers learning how iOS automation works ✨ KEY FEATURES COMPLETE INSPECTION - Browse all actions with search and filtering - Expand/collapse functionality for easy navigation - View metadata including action count and version info - See actual icon images and color swatches - Search through multiple data formats AI-POWERED SECURITY SCANNING - Comprehensive scanning powered by OpenAI, Anthropic, and OpenRouter - Three scanning modes: Quick Scan, Standard Review, and Deep Audit - Identifies suspicious patterns, data flows, and external connections - Detects potential risks like path traversal, hardcoded credentials, and obfuscation - Provides actionable recommendations and risk assessments - Compares claimed functionality vs. actual behavior MULTIPLE EXPORT FORMATS - Download as .shortcut file (ready to import) - Export as XML plist format - Export as JSON format - Copy content to clipboard with one click - View raw iCloud API response PRIVACY & SECURITY FIRST - No tracking, analytics, or telemetry - No data collection of any kind - API keys encrypted locally with AES-256-GCM - Device-bound encryption prevents key extraction - Open source—verify our code yourself - All processing happens on your device 🤖 AI SCANNING MODES Quick Scan: Fast initial assessment with high-level risk overview and top concerns. Perfect for quick verification. Standard Review: Comprehensive examination with detailed findings, data flow mapping, network call identification, and permission review. Recommended for most use cases. Deep Audit: Thorough examination including adversarial scenarios, obfuscation detection, and trust chain review. Best for high-risk or complex items. 📊 WHAT GETS ANALYZED - Purpose verification: Compares claimed vs. actual functionality - Data flow tracking: Maps how information moves through actions - External connections: Lists all URLs and assesses domain reputation - Permission review: Flags potentially unnecessary access - Risk detection: Identifies suspicious patterns and code - Trust indicators: Highlights legitimate usage patterns 🔐 YOUR PRIVACY MATTERS - NO tracking or analytics (no Google Analytics, no Mixpanel) - NO telemetry or crash reporting - NO user accounts or identification - NO browsing history access - NO data sent to our servers (we don't have any!) - API keys encrypted with OWASP 2025 compliant methods - All data stored locally on your device - Open source—verify everything on GitHub When you use AI scanning, content is sent ONLY to your chosen provider using your own API key. We never see your data. 📋 HOW IT WORKS 1. Visit any item on iCloud.com (example: icloud.com/shortcuts/abc123...) 2. Click the extension icon to open the side panel 3. Choose your view: Overview, Actions, Scanner, or Raw Data 4. Optionally run AI scanning with your own API key 5. Download or copy in your preferred format 🔧 BUILT WITH Modern technologies including TypeScript, React 18, Chakra UI, Zustand, Vite, and Chrome Manifest V3 for enhanced security. Supported AI providers: OpenAI (GPT-4o, GPT-4 Turbo), Anthropic (Claude Sonnet 4.5, Claude Opus 4.5), and OpenRouter with access to multiple models. 🚀 GETTING STARTED 1. Install the extension 2. Visit any item on iCloud.com 3. Click the extension icon 4. Start exploring! For AI scanning (optional): 1. Click Settings (gear icon) 2. Add your API key from OpenAI, Anthropic, or OpenRouter 3. Create an encryption password 4. Select your preferred model 5. Click "Run Security Scan" 💡 USE CASES Research: Analyze automation behavior, identify data exfiltration attempts, study security patterns Development: Debug your creations, learn from others' implementations, test configurations Safety: Verify items before installing, check required permissions, identify privacy risks Education: Learn how iOS automation works, understand action syntax, study real-world examples ⚠️ IMPORTANT NOTES - Works with publicly accessible items on iCloud.com - Signed items (iOS 15+) may not be downloadable via the API - AI scanning requires your own API key (free tier available) - Quality depends on the model you choose 🌟 OPEN SOURCE Completely open source under Apache 2.0 License. Review our code, verify privacy claims, contribute improvements, report issues, or fork and customize on GitHub. 📖 PERMISSIONS We request only the minimum necessary: - sidePanel: Display the inspection interface - activeTab: Detect when viewing items on iCloud.com - storage: Store encrypted API keys locally - alarms: Handle session timeouts - icloud.com & icloud-content.com: Fetch data and files - AI provider URLs: Optional scanning features 🎁 COMPLETELY FREE No subscriptions, premium tiers, or paywalls. Free forever—guaranteed by open source license. 🔗 RELATED Built by the creators of Shortcut Actions. Download AI & Automation Actions on the App Store for even more capabilities. Not affiliated with, endorsed by, or sponsored by Apple Inc. "Apple", "Shortcuts", and "iCloud" are trademarks of Apple Inc.