Claude\'s Computer Use feature shipped in Claude Desktop on May 13, 2026, giving Mac users a Claude that can observe and interact with applications at the OS level. The release included a tier system that assigns different applications different levels of access. Safari sits at the most restrictive tier: "read." Claude can take screenshots of Safari, but cannot click, type, scroll, drag, or otherwise interact with anything inside Safari\'s window.
The restriction has confused people. Why can Claude click in Notes, Finder, and Mail, but not in Safari? Why is Safari treated differently from other Mac apps? And what does this mean for Mac users who want to use Claude with Safari in practical work? This piece explains.
The tier system explained
Computer Use assigns each application to one of three access tiers based on the application category:
- Read tier: visible in screenshots, but clicks, typing, and direct interaction are blocked. Browsers (Safari, Chrome, Firefox, Edge, Arc, Brave) all sit here by default.
- Click tier: visible and left-clickable, but typing, key presses, right-clicks, modifier-clicks, and drag-and-drop are blocked. Terminals and IDEs (Terminal, iTerm, VS Code, JetBrains apps) sit here.
- Full tier: no restrictions. Everything else, including Notes, Finder, Mail, Calendar, Photos, System Settings, and most third-party native apps.
The tier is enforced by a frontmost-app check before every action. If Claude tries to left_click while Safari is in front, the action returns an error telling Claude what tier Safari is at and what to do instead. Same for typing into a terminal: the error tells Claude to use the Bash tool instead of typing in the terminal directly.
Why browsers are at "read"
The restriction on browsers is deliberate and product-driven. Anthropic ships a dedicated browser extension (Claude in Chrome) for action-level browser interaction. The extension has its own permission model, its own user-consent flow, and its own iteration cycle. Anthropic\'s position is: if you want Claude to act in your browser, use the official extension. If you do not have the extension installed, Claude should observe the browser, not act on it.
There are also security reasons. A browser is the most session-rich and credential-rich application on most computers. A logged-in Gmail tab, a banking tab, a CRM tab, a Shopify admin tab, all of them have authenticated sessions that an attacker would love to access. Putting Claude\'s browser interaction inside a dedicated, audited extension with its own consent flow is materially safer than letting OS-level Computer Use type and click in arbitrary tabs.
The read-only restriction is also forward-compatible. If Anthropic eventually ships a Safari extension, it can be turned on without changing the OS-level tier model. Safari moves to a "click" tier or higher only after a Safari-specific extension is installed and authorised, the same way Chrome works today.
What "read" tier actually allows
Read tier permits:
- Screenshots of Safari\'s window
- Observing Safari\'s window title and URL via system APIs
- Activating Safari to bring it to the front (this counts as a read-level operation, not a click)
Read tier blocks:
- Clicking anywhere in Safari (links, buttons, scrollbars, address bar)
- Typing or pasting into Safari
- Scrolling Safari (using arrows, Page Down, or mouse wheel)
- Drag and drop into or out of Safari
- Right-click (which would expose context menus)
The practical implication is that Claude cannot fill out forms in Safari, cannot click links to navigate, cannot scroll to see below-the-fold content, and cannot interact with anything dynamic. It can only see what is currently on screen.
How users work around the restriction
Three patterns have emerged among Mac users actively using Claude alongside Safari in 2026.
The shell-driven workflow
Claude uses open -a Safari "URL" from the terminal to navigate Safari indirectly. The terminal is a separate application from Safari, and Claude can drive the terminal even if it cannot drive Safari directly. The OS handles the URL routing, Safari just receives the URL and loads it. Read tier is not violated because Claude never clicks inside Safari.
The curl-first workflow
For text content, Claude bypasses Safari entirely. The curl command in the terminal fetches the raw HTML of any URL directly, with no browser involved. Claude reads the text content from curl, then uses Safari for visual context only when needed. Most read-and-analyse research tasks can be completed without ever touching Safari\'s interaction model.
The hybrid Chrome + Safari pattern
Some Mac users keep Safari as their default browser for everyday browsing and run Chrome as a secondary browser exclusively for Claude in Chrome workflows. When a research task requires Claude to act (clicks, form fills, multi-step navigation), they open the URL in Chrome and use the extension. Otherwise, Safari stays primary.
What this means for ecommerce workflows specifically
For ecommerce operators on Mac, the read-only Safari restriction has these practical implications:
Auditing competitor sites
Easy. Curl gets the text, screenshot gets the above-the-fold visual. A full competitive audit can be done in Safari without violating any tier restriction.
Researching products on supplier sites
Mostly easy. Most supplier and wholesale sites are server-rendered, so curl returns the product data directly. Screenshots add visual context for the products themselves.
Interacting with Shopify admin
Use Chrome and Claude in Chrome. Shopify admin is heavily JavaScript-rendered and requires authentication, neither of which works well with curl. Computer Use on Safari cannot click through Shopify\'s interface. Chrome with the extension is the right tool.
Managing helpdesk tickets
Use Chrome and the extension. Gorgias, Re:amaze, Zendesk all require login and click-driven workflows. Read-only Safari does not work here.
Reading documentation and articles
Safari is fine. Curl extracts the text. Most documentation sites are server-rendered. Below-the-fold content comes from curl, not screenshots.
The deeper product philosophy
The Safari read-only restriction is part of a broader Anthropic principle: Computer Use should be observably safe by default. The tier system makes it explicit which applications Claude can act on and which it cannot. A user looking at the tier list can predict Claude\'s capabilities without reading documentation.
This is in contrast to a model where every application is fair game and the user has to remember which actions are safe to delegate. Anthropic\'s design choice is to err on the side of "you cannot accidentally use Claude to drain your bank account" and rely on dedicated, audited extensions for action-tier browser work.
It is a reasonable choice. It is also frustrating in the short term if you are a Safari power user, because it means the workflows you can run on Safari are narrower than the workflows you can run on Chrome.
What might change
Two things could change the read-only Safari restriction:
- Anthropic ships an official Safari extension. The read-only restriction would relax once the extension is installed.
- Apple changes the Safari extension model or its app distribution policy in a way that makes a Safari extension cheaper for Anthropic to build and maintain.
Neither is imminent. Both are plausible by 2027 or 2028.
Bottom line
Computer Use treats Safari as read-only because that is the safest default until Anthropic ships a dedicated Safari extension. For Mac users, the restriction is not arbitrary; it reflects Anthropic\'s deliberate choice to put action-tier browser work behind a permission-aware extension layer rather than at the OS level.
In practice, the restriction is workable. The shell-driven workflow (open -a Safari) and the curl-first workflow cover most read-and-analyse research tasks. For action-heavy browser work, Chrome with the extension is the right tool. Most Mac power users we know run both browsers, with Safari primary and Chrome opened only when Claude needs to act in a tab.
At ScaleWise VA our internal team runs exactly this dual-browser setup for Shopify operations work. If you want to apply the same pattern to your own store, book a free 30-minute call.
What this means for Shopify operations on a Mac
The read-only Safari tier shapes how our team structures Shopify operations work on Mac. Concretely:
Tasks that involve READING Shopify (competitor research, supplier audits, content analysis, market intelligence) run cleanly through Safari + Claude Desktop using the workflow this post describes. No friction.
Tasks that involve ACTING on Shopify (logging into the admin, bulk-editing products, configuring apps, filling out forms, processing orders directly in the dashboard) need a different tool. We either:
- Use Chrome with Claude in Chrome for the action-driven session, then return to Safari for the rest of the day, or
- Have the human team member perform the action while Claude observes via screenshot and provides real-time guidance
Most Shopify operations retainers we run have about 70% read-and-analyze work (where Safari is fine) and 30% action work (where Chrome + extension wins). Our internal team trained on this split rather than treating it as a limitation.
For brands that want this kind of operational workflow built around their store without learning the Mac power-user setup, book a free discovery call and we'll explain how we'd structure it for your specific volume.