The /usr/bin/shortcuts command can be used to run, well, shortcuts. Shortcuts are small scripts that are interpreted by the Shortcuts app. They can run shell scripts, JavaScripts, and even SSH into other hosts to fire off more complex automations. These can be fairly complex automations programmatically by importing shortcuts from the Gallery of those Apple provides. This allows for what might not even be a possible atomic operation to run and daisy chain scripts to provide input or output to shortcuts.
The scripting might be considered dangerous and so is disabled by default. To enable scripts to be run from a shortcut, open the Shortcuts app and select Settings from the Shortcuts menu, click on Advanced, and then check the box for Allow Running Scripts.
Now from Automator, er, I mean the Shortcuts app, click on All Shortcuts. New shortcuts can be added by clicking on the plus sign. In the following example, we make one that just opens this website using a small snippet of JavaScript.
From the command line, it’s then possible to list shortcuts, run them, view them, and sign them passing those four verbs into the shortcuts command. So to run the shortcut called krypted that we just created simply run:
/usr/bin/shortcuts run krypted
To see a list of shortcuts on a given device, use the list verb:
/usr/bin/shortcuts list
Use the sign verb to sign them as well. Most interactivity with shortcuts is blocked by a sandbox. For example, one cannot simply list the contents of ~/Library/Shortcuts. Instead, SIP would have to be disabled to do so. The shortcuts preferences also provide very little feedback:
bash-3.2# defaults read ~/Library/Preferences/com.apple.shortcuts.plist
{
CKPerBootTasks = (
CKAcccountInfoCacheReset
);
CKStartupTime = 1668090614;
wdsCacheCleanupState = {
"com.apple.shortcuts" = 1;
};
}
Keep in mind, by virtue Shortcuts provides an automation framework. A goal of the privacy controls in macOS has been to make it easy to have visibility into what is happening on the Mac. Shortcuts is an example of fusing the best of Automator and various scripting environments with Apple’s ethos of custom scripting flows. It’s not swift, and it hasn’t received a lot of updates recently, but to a user who just wants to automate some basic tasks it’s fairly approachable and even has integration with Share Sheets, so the output of a shortcut can be passed on to others when manually run – including sending people information automatically garnered with shortcuts that were already run.
A savvy administrator can also use an agent to obtain the shortcuts on machines and catalog them into a device management solution – thus providing a little telemetry into whether they’re being used in environments. For example, pipe the output of that shortcuts list command from earlier into an extension attribute.
