Mac's open command - too powerful

  • I don't actually recommend this because, as the title suggests, there's a potential security risk here if someone gets ahold of your password or token, but it's still pretty cool to play with and it solved this problem so I thought I'd post it as an example.

    I added a command to my mac that runs the "open" command and enabled parameters.

    Then I used a slash command with the new Slack app to open Finder to my desktop folder:

    /triggercmd open on mac with ~/Desktop

    Here's the dangerous bit: I also found I could run any arbitrary command on my mac.

    I could also open Calculator with this command:

    /triggercmd open on mac with -a calculator

    The "open" command is a little too powerful because it lets you run any command. So if you do this, don't give out your token or password (it's never a good idea to give those out anyway).

    I warned you but in case you want to do it anyway:

    • Use the GUI editor to add a command called open with open as the command, and enable parameters.

    • Go here and click the Add to Slack button

    • Go to the Instructions page and copy your token.

    • Run this slash command to link your Slack account with your TRIGGERcmd account:

         /triggercmd-token [paste your token here]

    • Run this slash command:

         /triggercmd open on mac with ~/Desktop

    • Profit.

    If you just want to open Calculator, a safer Slack command would be:

    /triggercmd calculator

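A defensive variant of the setup described in the post, as an added example that is not part of the original post or TRIGGERcmd's own code: a hypothetical wrapper script, `safe-open.sh`, registered as the command in place of raw `open`, which forwards only allowlisted folders and application names. It assumes the agent appends the remote parameters to the command as arguments; the allowlist entries are constructed.

```shell
#!/bin/sh
# safe-open.sh: hypothetical wrapper to register in TRIGGERcmd in place of raw "open".
# Assumption: the agent appends the remote parameters to the command as arguments.

# Binary that performs the open; override it (e.g. OPEN_BIN=echo) for a dry run.
OPEN_BIN="${OPEN_BIN:-/usr/bin/open}"

# safe_open ARGS...: run open only for requests on the constructed allowlist
# below. Returns 64 and runs nothing for every other request.
safe_open() {
  case "$#" in
    1)
      # One argument: must be an allowlisted folder. A literal leading "~/"
      # is expanded by hand so the value is never re-parsed by a shell.
      target="$1"
      case "$target" in
        "~/"*) target="$HOME/${target#??}" ;;
      esac
      case "$target" in
        "$HOME/Desktop"|"$HOME/Documents")
          "$OPEN_BIN" "$target" ;;
        *) echo "rejected: folder not allowlisted" >&2; return 64 ;;
      esac ;;
    2)
      # Two arguments: only "-a <app>" with an allowlisted application name.
      [ "$1" = "-a" ] || { echo "rejected: option not allowlisted" >&2; return 64; }
      case "$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" in
        calculator) "$OPEN_BIN" -a Calculator ;;
        textedit)   "$OPEN_BIN" -a TextEdit ;;
        *) echo "rejected: application not allowlisted" >&2; return 64 ;;
      esac ;;
    *)
      echo "rejected: unexpected argument count" >&2; return 64 ;;
  esac
}

# Run only when parameters were supplied.
if [ "$#" -gt 0 ]; then
  safe_open "$@"
fi
```

Anything outside the allowlist, including extra options or additional arguments, is refused before `open` is ever invoked, so a leaked token exposes only the listed folders and apps.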