If you discover a security vulnerability, please report it responsibly:

1. Do not open a public issue
2. Email the maintainer or use GitHub's private vulnerability reporting
3. Include a description of the vulnerability and steps to reproduce

This project grants Claude control over your computer (mouse, keyboard, screen capture, shell commands). Please be aware of the following:

• API keys are stored locally and only sent to Anthropic's API
• Screen captures are processed locally and sent to Anthropic for analysis
• Bash commands executed by Claude run with your user permissions
• AppleScript can control macOS applications with your user privileges
• Accessibility permissions are required and should only be granted to trusted applications

• Never expose your ANTHROPIC_API_KEY in code or logs
• Review Claude's proposed actions before granting broad automation permissions
• Use the tool in a controlled environment when testing new automation workflows
• Keep dependencies up to date (pip install --upgrade -r requirements.txt)