mac-native-dev

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [SAFE]: The skill facilitates legitimate macOS application development tasks, including environment setup, project bootstrapping, and production distribution workflows, without requiring the Xcode GUI.
  • [EXTERNAL_DOWNLOADS]: The skill references and downloads several well-known development tools and libraries from the macOS community:
    • Fetches the Sparkle update framework for direct application distribution.
    • Downloads the swift-bundler utility from its official GitHub repository for project packaging.
    • References automation and development skills from reputable community contributors (steipete, Dimillian).
  • [REMOTE_CODE_EXECUTION]: Provides instructions to execute the Peekaboo automation tool directly via npx -y @steipete/peekaboo. This runs code fetched from a remote registry without manual confirmation, but the source is a recognized entity in the macOS development space.
  • [COMMAND_EXECUTION]: Orchestrates the building and packaging process through multiple shell scripts that execute standard macOS toolchain commands:
    • package_app.sh manages build products and generates Info.plist files.
    • sign-and-notarize.sh performs code signing and interacts with Apple's notarization service using codesign and notarytool.
    • compile_and_run.sh automates the development cycle by building and launching the resulting application bundle.
  • [CREDENTIALS_UNSAFE]: In scripts/sign-and-notarize.sh, sensitive App Store Connect API keys supplied via environment variables are temporarily written to /tmp/app-store-connect-key.p8 to satisfy the requirements of the notarytool CLI. Although the script attempts to remove this file using a trap on exit, this is a transient exposure of private key material on the local filesystem.
Audit Metadata
Risk Level
SAFE
Analyzed
May 6, 2026, 07:48 PM