Remote OpenClaw

Claude Skill

macOS Seatbelt Sandbox Profiling

Generates minimal macOS Seatbelt sandbox configurations. Use when sandboxing, isolating, or restricting macOS applications with allowlist-based profiles.

Reviewed community sourceInstallable3 sections1 related pages
Browse full directoryMore dataView source

Editor's Note

Generates minimal macOS Seatbelt sandbox configurations. Use when sandboxing, isolating, or restricting macOS applications with allowlist-based profiles. Covers when to use, when not to use, profiling methodology.

Editorial Guide

What to do with this skill

Start with the workflow below, then drop into the upstream source only after the page has narrowed the job for you.

What this skill does

Generates minimal macOS Seatbelt sandbox configurations.

When to use it

sandboxing, isolating, or restricting macOS applications with allowlist-based profiles.

Install and setup notes

  • Open the upstream source before treating this page as install-ready, because not every official record is meant to be dropped into a workflow unchanged.
  • Keep the context narrow. These skills are usually strongest when you load only the branch, reference set, or workflow step that matches the current task.
  • If you plan to standardize on this skill for team use, pin the upstream repo and check for updates periodically instead of assuming the official defaults are static.

Example workflow

  1. Start with a concrete task that clearly matches this skill's intended trigger: sandboxing, isolating, or restricting macOS applications with allowlist-based profiles.
  2. Read the overview and first source section, then choose the smallest branch of guidance or references that solves the task in front of you.
  3. Run the change on a real file, command, or workflow, verify the result, and only then widen the skill into a repeatable team pattern.

Compatible agents

This skill is explicitly marked for Claude Code.

Claude Code

Where to go next

Next Page

AI Agent Skills Directory

Compare ecosystems, use-case hubs, and the broader skills catalog from one search-first page.

Next Page

Claude Code Skills

Browse the wider Claude Code directory if this skill is close but not quite the right fit.

Next Page

Best Claude Code Skills

Use the Claude Code hub to compare the strongest installable skills before you standardize on a workflow.

Install source

This page does not expose a single copy-paste install command in the normalized record. Use the upstream install source below to confirm the exact steps, file paths, and current setup expectations before you add it to your stack.

Page Outline

When to UseWhen NOT to UseProfiling Methodology

Source Content

Normalized top-level metadata comes from the directory layer. The body below is the upstream source content for this item.

macOS Seatbelt Sandbox Profiling

Generate minimally-permissioned allowlist-based Seatbelt sandbox configurations for applications.

When to Use

  • User asks to "sandbox", "isolate", or "restrict" an application on macOS
  • Sandboxing any macOS process that needs restricted file/network access
  • Creating defense-in-depth isolation if supply chain attacks are a concern

When NOT to Use

  • Linux containers (use seccomp-bpf, AppArmor, or namespaces instead)
  • Windows applications
  • Applications that legitimately need broad system access
  • Quick one-off scripts where sandboxing overhead isn't justified

Profiling Methodology

Step 1: Identify Application Requirements

Determine what the application needs across these resource categories:

| Category | Operations | Common Use Cases | |----------|------------|------------------| | **File Read** | `file-read-data`, `file-read-metadata`, `file-read-xattr`, `file-test-existence`, `file-map-executable` | Reading source files, configs, libraries | | **File Write** | `file-write-data`, `file-write-create`, `file-write-unlink`, `file-write-mode`, `file-write-xattr`, `file-clone`, `file-link` | Output files, caches, temp files | | **Network** | `network-bind`, `network-inbound`, `network-outbound` | Servers, API calls, package downloads | | **Process** | `process-fork`, `process-exec`, `process-exec-interpreter`, `process-info*`, `process-codesigning*` | Spawning child processes, scripts | | **Mach IPC** | `mach-lookup`, `mach-register`, `mach-bootstrap`, `mach-task-name` | System services, XPC, notifications | | **POSIX IPC** | `ipc-posix-shm*`, `ipc-posix-sem*` | Shared memory, semaphores | | **Sysctl** | `sysctl-read`, `sysctl-write` | Reading system info (CPU, memory) | | **IOKit** | `iokit-open`, `iokit-get-properties`, `iokit-set-properties` | Hardware access, device drivers | | **Signals** | `signal` | Signal handling between processes | | **Pseudo-TTY** | `pseudo-tty` | Terminal emulation | | **System** | `system-fsctl`, `system-socket`, `system-audit`, `system-info` | Low-level system calls | | **User Prefs** | `user-preference-read`, `user-preference-write` | Reading/writing user defaults | | **Notifications** | `darwin-notification-post`, `distributed-notification-post` | System notifications | | **AppleEvents** | `appleevent-send` | Inter-app communication (AppleScript) | | **Camera/Mic** | `device-camera`, `device-microphone` | Media capture | | **Dynamic Code** | `dynamic-code-generation` | JIT compilation | | **NVRAM** | `nvram-get`, `nvram-set`, `nvram-delete` | Firmware variables |

For each category, determine: **Needed?** and **Specific scope** (paths, services, etc.)

If the application has multiple subcommands that perform significantly different operations, such as `build` and `serve` commands for a Javascript bundler like Webpack, do the following:

  • Profile the subcommands separately
  • Create separate Sandbox configurations for each subcommand
  • Create a helper script that acts as a drop-in replacement for the original binary, executing the sandboxed application with the appropriate Seatbelt profile according to the subcommand passed.

Step 2: Start with Minimal Profile

Begin with deny-all and essential process operations, saved in a suitably-named Seatbelt profile file with the `.sb` extension.

(version 1)
(deny default)

;; Essential for any process
(allow process-exec*)
(allow process-fork)
(allow sysctl-read)

;; Metadata access (stat, readdir) - doesn't expose file contents
(allow file-read-metadata)

Step 3: Add File Read Access (Allowlist)

Use `file-read-data` (not `file-read*`) for allowlist-based reads:

(allow file-read-data
    ;; System paths (requ

<!-- truncated -->

Related Items

Claude Skill

Diagramming Code

>

Next places to browse

Directory

Browse full Claude Code directory

Move back to the full hub if you want adjacent skills, plugins, or agents instead of just the pages related to this record.

Category

More data pages

Open the category landing page if you already know the job and want more pages with the same topical framing.

Next Layer

See workflow marketplace

Move from free directory research into ready-made workflows if the real goal is buying a finished operator stack.

Featured slot

Your product here

Reserve this slot to reach operators and coding-agent buyers.

Shown where builders are actively comparing tools and deployment options.

Advertise