sandbox-entitlements-auditor
// Audit and recommend minimal sandbox entitlements for secure desktop applications
$ git log --oneline --stat
stars:384
forks:73
updated:March 4, 2026
SKILL.mdreadonly
SKILL.md Frontmatter
namesandbox-entitlements-auditor
descriptionAudit and recommend minimal sandbox entitlements for secure desktop applications
allowed-toolsRead, Grep, Glob, Bash
tagssecurity,sandbox,entitlements,audit,macos
sandbox-entitlements-auditor
Audit existing entitlements and recommend minimal sandbox permissions for secure desktop applications, primarily for macOS but applicable concepts for other platforms.
Capabilities
- Analyze current entitlements usage
- Detect over-permissioned configurations
- Recommend minimal entitlement sets
- Check for security anti-patterns
- Verify MAS compliance
- Generate audit reports
Input Schema
{
"type": "object",
"properties": {
"projectPath": { "type": "string" },
"entitlementsPath": { "type": "string" },
"targetDistribution": { "enum": ["mas", "direct", "both"] }
},
"required": ["projectPath"]
}
Audit Checks
- Unnecessary file system access
- Broad network permissions when not needed
- Hardened runtime exceptions
- JIT compilation allowance
- Library validation disabling
Related Skills
macos-entitlements-generatorsecurity-hardeningprocess