sandbox-entitlements-auditor

Solid

Audit and recommend minimal sandbox entitlements for secure desktop applications

AI & Automation 814 stars 53 forks Updated today MIT

Install

View on GitHub

Quality Score: 93/100

Stars 20%
97
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
47
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# sandbox-entitlements-auditor Audit existing entitlements and recommend minimal sandbox permissions for secure desktop applications, primarily for macOS but applicable concepts for other platforms. ## Capabilities - Analyze current entitlements usage - Detect over-permissioned configurations - Recommend minimal entitlement sets - Check for security anti-patterns - Verify MAS compliance - Generate audit reports ## Input Schema ```json { "type": "object", "properties": { "projectPath": { "type": "string" }, "entitlementsPath": { "type": "string" }, "targetDistribution": { "enum": ["mas", "direct", "both"] } }, "required": ["projectPath"] } ``` ## Audit Checks - Unnecessary file system access - Broad network permissions when not needed - Hardened runtime exceptions - JIT compilation allowance - Library validation disabling ## Related Skills - `macos-entitlements-generator` - `security-hardening` process

Details

Author
a5c-ai
Repository
a5c-ai/babysitter
Created
4 months ago
Last Updated
today
Language
JavaScript
License
MIT

Related Skills

AI & Automation Featured

videodb

See, Understand, Act on video and audio. See- ingest from local files, URLs, RTSP/live feeds, or live record desktop; return realtime context and playable stream links. Understand- extract frames, build visual/semantic/temporal indexes, and search moments with timestamps and auto-clips. Act- transcode and normalize (codec, fps, resolution, aspect ratio), perform timeline edits (subtitles, text/image overlays, branding, audio overlays, dubbing, translation), generate media assets (image, audio, video), and create real time alerts for events from live streams or desktop capture.

196,640 Updated 2 days ago
affaan-m
AI & Automation Featured

ck

Persistent per-project memory for Claude Code. Auto-loads project context on session start, tracks sessions with git activity, and writes to native memory. Commands run deterministic Node.js scripts — behavior is consistent across model versions.

196,640 Updated 2 days ago
affaan-m
AI & Automation Featured

browser

Web browser automation with AI-optimized snapshots for claude-flow agents

55,973 Updated today
ruvnet