sandbox-entitlements-auditor

Audit and recommend minimal sandbox entitlements for secure desktop applications

AI & Automation 1,160 stars 71 forks Updated today MIT

Skill Content

# sandbox-entitlements-auditor

Audit existing entitlements and recommend minimal sandbox permissions for secure desktop applications, primarily for macOS, though the concepts apply to other platforms.

## Capabilities

- Analyze current entitlements usage
- Detect over-permissioned configurations
- Recommend minimal entitlement sets
- Check for security anti-patterns
- Verify MAS compliance
- Generate audit reports

## Input Schema

```json
{
  "type": "object",
  "properties": {
    "projectPath": { "type": "string" },
    "entitlementsPath": { "type": "string" },
    "targetDistribution": { "enum": ["mas", "direct", "both"] }
  },
  "required": ["projectPath"]
}
```

## Audit Checks

- Unnecessary file system access
- Broad network permissions when not needed
- Hardened runtime exceptions
- JIT compilation allowance
- Library validation disabling

## Related Skills

- `macos-entitlements-generator`
- `security-hardening` process

Details

Author: a5c-ai
Repository: a5c-ai/babysitter
Created: 4 months ago
Last Updated: today
Language: JavaScript
License: MIT
