AgentSkillsCN

sandbox-entitlements-auditor

为安全的桌面应用审核并推荐最小化的沙盒权限。

SKILL.md
--- frontmatter
name: sandbox-entitlements-auditor
description: Audit and recommend minimal sandbox entitlements for secure desktop applications
allowed-tools: Read, Grep, Glob, Bash
tags: [security, sandbox, entitlements, audit, macos]

sandbox-entitlements-auditor

Audit existing entitlements and recommend minimal sandbox permissions for secure desktop applications, primarily for macOS but applicable concepts for other platforms.

Capabilities

  • Analyze current entitlements usage
  • Detect over-permissioned configurations
  • Recommend minimal entitlement sets
  • Check for security anti-patterns
  • Verify MAS compliance
  • Generate audit reports

Input Schema

json
{
  "type": "object",
  "properties": {
    "projectPath": { "type": "string" },
    "entitlementsPath": { "type": "string" },
    "targetDistribution": { "enum": ["mas", "direct", "both"] }
  },
  "required": ["projectPath"]
}

Audit Checks

  • Unnecessary file system access
  • Broad network permissions when not needed
  • Hardened runtime exceptions
  • JIT compilation allowance
  • Library validation disabling

Related Skills

  • macos-entitlements-generator
  • security-hardening process