ИИ-автоматизация 4 июня 2026 г.

OpenClaw + AppleScript: управление Mac-приложениями(2026)

Редакция KvmZone·4 июня 2026 г.·~16 мин
OpenClaw AppleScript Automator bridge controlling Mac desktop apps 2026

Most OpenClaw setups stop at chat: the agent answers in a thread but never touches Keynote, Finder, or System Settings. That is not an OpenClaw limitation—it is missing macOS automation plumbing. Apple gives you two durable bridges: AppleScript (via osascript) and Automator (saved workflows you trigger from the shell). Wire either into an OpenClaw skill and your agent gains a physical body on the desktop: open apps, export PDFs, nudge volume, or run multi-step GUI macros—under your permission prompts.

This is a Type A bridge tutorial: architecture, a six-step runbook, troubleshooting for TCC (“sandbox”) errors, and FAQ. Pair with hour-zero OpenClaw install, doctor when gateways fail, webhook + CI patterns, and skills batching. Apple references: Automate actions in Shortcuts on Mac and the AppleScript Language Guide.

Disclosure: KvmZone rents remote Mac mini hosts for macOS workloads. This tutorial works on any Mac you control; SSH rental is optional when you need an always-on gateway.

Quotable rule: OpenClaw does not “break the sandbox.” You grant Automation and Accessibility to the process that runs osascript (Terminal, launchd, or OpenClaw’s gateway user)—then skills call a thin shell bridge you audit.

Почему текстовые агенты недоиспользуют Mac

SymptomRoot causeBridge fix
Agent says “I exported the PDF” but no file existsNo tool invokes GUI appsosascript + Keynote export script
Webhook fires but desktop unchangedGateway has no macOS toolSkill → ~/bin/openclaw-mac-bridge.sh
Works in Terminal, fails under launchdDifferent user / TCC contextRun doctor as daemon user; duplicate TCC grants
Automator workflow “hangs”UI dialog blockedPre-save workflow with no prompts

16GB Mac mini hosts (local or rented) are enough for one GUI automation lane plus OpenClaw gateway—avoid running three heavy Keynote exports in parallel; unified memory pressure looks like “OpenClaw crashed” (see swap playbook).

Архитектура: SKILL.md → shell-мост → macOS

Chat/webhook → OpenClaw gateway → skill (allowed tools: shell) → openclaw-mac-bridge.sh → osascript | automator → native app

Files to pin

PiecePathRole
Skill manifest~/.openclaw/workspace/skills/mac-desktop-bridge/SKILL.mdDocuments allowed actions + args
Bridge script~/bin/openclaw-mac-bridge.shWhitelist actions; no arbitrary eval
AppleScripts~/Scripts/openclaw/*.applescriptOne file per app workflow
Automator exports~/Library/Workflows/Applications/*.workflowGUI-built macros
Audit log~/.openclaw/logs/mac-bridge.logTimestamp, action, exit code

Example SKILL.md front matter

---
name: mac-desktop-bridge
description: Run whitelisted macOS desktop actions via openclaw-mac-bridge.sh
allowed_tools: [shell]
---

When the user asks to control Mac apps (Keynote, volume, brightness), call:
  openclaw-mac-bridge.sh <action> [args]
Never run raw osascript outside the bridge.

Runbook из 6 шагов: Keynote + громкость

Step 1 — Confirm gateway user and shell

whoami
echo $SHELL
openclaw doctor

Pass: same user you will grant in System Settings → Privacy & Security → Automation.

Step 2 — Create the bridge script

~/bin/openclaw-mac-bridge.sh:

#!/bin/bash
set -euo pipefail
LOG=~/.openclaw/logs/mac-bridge.log
ACTION="${1:-}"; shift || true
mkdir -p "$(dirname "$LOG")"
log() { echo "$(date -Iseconds) $*" >> "$LOG"; }
case "$ACTION" in
  volume)
    VAL="${1:-50}"
    osascript -e "set volume output volume $VAL"
    log "volume $VAL ok"
    ;;
  keynote-export)
    osascript "$HOME/Scripts/openclaw/keynote-export-pdf.applescript" "$@"
    log "keynote-export $* exit $?"
    ;;
  automator)
    WF="${1:?workflow path}"
    /usr/bin/automator "$WF"
    log "automator $WF exit $?"
    ;;
  *)
    echo "unknown action: $ACTION" >&2; exit 2
    ;;
esac
chmod 700 ~/bin/openclaw-mac-bridge.sh

Step 3 — Add Keynote export AppleScript

~/Scripts/openclaw/keynote-export-pdf.applescript:

on run argv
  set outPath to item 1 of argv
  tell application "Keynote"
    activate
    export front document as PDF to POSIX file outPath
  end tell
end run
osascript ~/Scripts/openclaw/keynote-export-pdf.applescript "$HOME/Desktop/openclaw-test.pdf"

Pass: PDF appears; Keynote may prompt once for Automation—click OK.

Step 4 — Register the OpenClaw skill

Copy SKILL.md into ~/.openclaw/workspace/skills/mac-desktop-bridge/. Reload skills:

openclaw gateway restart
# or your build's equivalent skill reload command

Invoke in chat: “Set volume to 30 and export Keynote PDF to Desktop/openclaw-test.pdf.” Pass: check ~/.openclaw/logs/mac-bridge.log.

Step 5 — Optional Automator workflow

  1. Open Automator → New Quick Action or Application.
  2. Add actions (e.g., Render PDF Pages, Set Computer Volume).
  3. Save as ~/Library/Workflows/Applications/OpenClaw-Volume50.workflow.
openclaw-mac-bridge.sh automator "$HOME/Library/Workflows/Applications/OpenClaw-Volume50.workflow"

Step 6 — Wire webhook or group command (production)

Map a fixed phrase to bridge actions—never free-form shell from untrusted senders:

# Example: only allow exact command tokens from your bot ACL
case "$TEXT" in
  "/mac volume 40") openclaw-mac-bridge.sh volume 40 ;;
  "/mac keynote-pdf") openclaw-mac-bridge.sh keynote-export "$HOME/Desktop/brief.pdf" ;;
esac

Configure rate limits before exposing desktop control to group chats.

Устранение неполадок

Error pattern: Not authorized to send Apple events to Keynote (-1743)

Symptoms: osascript fails; bridge logs exit 1.

Fix:

  1. System Settings → Privacy & Security → Automation — enable Terminal (or node / your gateway binary) → Keynote.
  2. Re-run under the same user as launchd:
sudo -u "$(whoami)" osascript -e 'tell application "Keynote" to count documents'

If using a rented Mac, complete grants over SSH then verify with a one-shot script—avoid sharing the host with untrusted tenants.

Error pattern: bridge works interactively, silent fail under gateway

Symptoms: openclaw doctor green in SSH; webhook runs but no desktop effect.

launchctl print gui/$(id -u)/com.openclaw.gateway 2>/dev/null | head -30
sudo -u _openclaw ~/bin/openclaw-mac-bridge.sh volume 20   # adjust user label

Duplicate Automation grants for the daemon executable, not only Terminal. See doctor crash guide.

FAQ

Is this safe to expose to a public Telegram group?+
No. Treat desktop bridge commands like root SSH: ACL allowlists, fixed phrases, and rate limits. Never pass user-supplied shell to osascript.
AppleScript vs Automator—which first?+
AppleScript for precise app verbs (Keynote export, Finder reveal). Automator when operators prefer GUI composition; still invoke via the same bridge script.
Does SKILL.md alone control apps?+
SKILL.md is instructions; execution requires a tool (typically shell) that you restrict to openclaw-mac-bridge.sh.
Will this work on Apple Silicon rented Mac mini?+
Yes—same macOS TCC rules. Use SSH workflow for setup; GUI grants may need one logged-in session to click prompts.
Brightness control?+
Use AppleScript against System Events (reduced on recent macOS) or Automator actions. Test on your OS version before documenting for the team.

Optional: always-on gateway host

Most bridge steps run on any Mac you own. If you need a dedicated Mac mini for 24/7 gateway + desktop automation, compare regional pricing—no requirement for this tutorial.

View Pricing Help