(CCed from the Mac forum)

The 'An external application is trying to use skype' popup is pretty annoying. Is there a way to disable this? I see in the PC version, there is a field called "SILENT_MODE" which looks like it would do the trick, but alas, it doesn't work on the MAC. When I attempt this command, I get "ERROR 18 SET: invalid WHAT".

So, what I'm getting at is:
1) Is there a way to disable "external application" popup on the mac.
2) Would silent mode do this?
2a) When would silent mode be implemented?

-Thorrin

Hey,

It's not possible to avoid that notification as we believe that the customer has a right to know what is going on with his Skype and what other programs are accessing it. Not even Silent mode can provide this.

Currently I am unable to give you any timeline when Silent mode will be usable with Skype for Mac.

Regards,
Mirje

The problem isn't that Skype asks for authorisation when a new programme tries to connect to it for the first time but rather that with Applescript it asks for authorisation EVERY time.

I have a Free-1 USB phone for example which asked for authorisation the first time I ran the software and since then just communicates with Skype without needing authorisation each time. However with Applescript, every time the same Applescript tries to access Skype it requires authorisation.

We're not asking for no authorisation to be necessary when an Applescript accesses Skype only that, as with other programmes that access Skype, it should only happen the first time you run Applescript.

Kim.

Please file a Jira issue if you believe this is a bug.

Regards,
Mirje

Hello

I've come up with the same problem and the same conclusion,this has to be a bug as it cannot be purposefully implemented that the authorisation pop-up appears at every use of applescript since it doesn't with other requests sent by other hardware or applications.
Actually in my experience skype asks me for authorisation only once and behaves as expected afterwards,but after a reboot of my computer it will ask me again.
Since the last post in this topic is quite old I wanted to inform myself if a Jira-issue has been filed yet? neither v. 2.5,nore 2.6 or 2.7 beta versions of skype have resolved this problem.
Regards,
Julius

I can confirm that this isn't just happening with applescript. I havn't been able to track down the exact symptoms either as sometimes the pop-up won't appear and sometimes it does. From what I can work out so far, if your program that connects to skype changes, the pop-up will re-appear. Was there a Jira bug filed about this as mentioned in the previous post from Mirje? Was this on Leopard or Tiger too?

Cannot reproduce this behaviour. It is supposed to ask you the 1st time an external app is connecting to Skype and if you allow it permanently then it stays allowed permanently. As far as we can tell, this is the way it currently works. If the problem persists make a Jira case with screenies.

Jira bug has been filed at https://developer.skype.com/jira/browse/SPA-517

With applescript, it is presumably a script interpreter that connects to Skype.

You realise that allowing that interpreter free access to Skype would also grant access to all other possible scripts?

Just had a check and the application that appears in the "API Security" window is indeed "AppleScript"


Sounds like a serious security flaw. How will Skype address this?

If I use a terminal-command to show all running processes only Applescript and Skype are active (apart from all the other sub-routines).
I only want to point out that if someone writes an Applescript that uses features of Skype or is able to change simple things such as online-status ect., Skype will ask for authorisation of that script every time, and I cannot imagine this is the way Applescript API support is supposed to work.
I do not want to exclude Applescript from the authorisation promt. That would indeed be a security-breach to Skype. But I kinda expect a user-approved script to run as intended after one-time authorisation.
Regards,
me

> But I kinda expect a user-approved script to run as intended after
> one-time authorisation

I would like to point out that it is principally -impossible- for Skype to reliably identify a script that gets executed by an interpreter (such as Applescript, Javascript, etc). If we cannot identify it, we cant authorize it either.

Skype only knows which executable attempts connect to API. It then calculates hash of that executable and checks if that hash has been authorized. In case of script interpreters, the executable (and it's hash) is always the interpreter. There is no realistic way for us to know what sort of script that interpreter is going to run.

Solution - do not use scripts and get a compiler. If you produce your own Skype-connnecting executable, then you will only be bugged by that authorization dialog every time you change your code.

Good point. I hadn't looked at it that way before.
So you're telling me that the Applescriptable API possibilities actually don't exist in a realistic way since no one will use Applescript to work with Skype if there is no way of authorising a certain script. And since simply allowing Applescript unrestricted acces after one-time-authorisation would indeed be way to risky due to possible abuse-possibilities this will stay that way.
Since I am not a fulltime professional developer but rather a just-for-fun-scripter I will not move on to compilers or different programming languages.
To bad though.

I have to disagree with you here. The application name is sent when the client connects to the OSX Distributed Notification Centre. The centre can't tell the application that send the notification, only what the client has said it's name is. Yes, in windows a hash is made and the actual executable is named, but that is principally impossible to do in OSX using the distributed notification centre. I would have to say that the Skype AppleScript library would be sending "AppleScript" as the application name, rather than working out what the name of the script is (which can be set in the applescript code). It probably wasn't done that way because it's harder, but its not "-impossible-" as you put it.

I realize that this is a bug. Once you assign an API Client, it should be set and recalled on every reboot/restart. That does not appear to be the case with Applescript. Skype seems to forget that you've assigned Applescript as an API Client.

Until that is fixed, however, you could use Applescript (with System Events) to work around that bug.

tell application "Skype"
activate
set status to send command "GET USERSTATUS" script name "This Script" -- Command can be any Skype API command
(*
"COMMAND_PENDING" is returned when a Skype API command is issued but not yet accepted.
The reason it may not be accepted is likely because the application that sent the command has not been configured as a Skype API Client.
If Skype gets an API command from an application that has not been configured as a Skype API client, then the "Skype API Security" pop up appears instantly.
So we'll check to see if that is indeed the case and if it is, we'll add Applescript as an API Client and close the pop up.
*)
if status is "COMMAND_PENDING" then
tell application "System Events" to tell process "Skype"
if window "Skype API Security" exists then
click radio button "Allow this application to use Skype" of radio group 1 of window "Skype API Security"
delay 1
click button "OK" of window "Skype API Security"
end if
end tell
delay 15 -- Optional delay to allow skype to finish connecting
end if
end tell

I'm having the exact same issue with the Free-1 and Skype. The Skype API Security popup window does not seem to be respecting my "allow this app and now and always" option. Any luck with resolving this?

Kris