Babysitter sandbox-entitlements-auditor

Audit and recommend minimal sandbox entitlements for secure desktop applications

install
source · Clone the upstream repo
git clone https://github.com/a5c-ai/babysitter
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/a5c-ai/babysitter "$T" && mkdir -p ~/.claude/skills && cp -r "$T/library/specializations/desktop-development/skills/sandbox-entitlements-auditor" ~/.claude/skills/a5c-ai-babysitter-sandbox-entitlements-auditor && rm -rf "$T"
manifest: library/specializations/desktop-development/skills/sandbox-entitlements-auditor/SKILL.md
source content

sandbox-entitlements-auditor

Audit existing entitlements and recommend minimal sandbox permissions for secure desktop applications. The skill primarily targets macOS, but its concepts apply to other platforms.

Capabilities

  • Analyze current entitlements usage
  • Detect over-permissioned configurations
  • Recommend minimal entitlement sets
  • Check for security anti-patterns
  • Verify Mac App Store (MAS) compliance
  • Generate audit reports

Input Schema

{
  "type": "object",
  "properties": {
    "projectPath": { "type": "string" },
    "entitlementsPath": { "type": "string" },
    "targetDistribution": { "enum": ["mas", "direct", "both"] }
  },
  "required": ["projectPath"]
}

Audit Checks

  • Unnecessary file system access
  • Broad network permissions when not needed
  • Hardened runtime exceptions
  • JIT compilation allowance
  • Library validation disabling

Related Skills

  • macos-entitlements-generator
  • security-hardening process