Skills
skills/lu-zhengda/macos-toolkit/macdog

macdog

SKILL.md

macdog — macOS Security & Privacy Suite

Run a full security audit:

!macdog audit 2>&1 || echo "macdog not installed — brew install lu-zhengda/tap/macdog"

Analyze the audit results above. Explain the overall security grade and highlight any failing checks. For each issue, explain the risk and offer to fix it with macdog audit --fix or specific commands.

Commands

Command Purpose Example
macdog audit Full security audit with letter grade (A-F) macdog audit
macdog audit --fix Auto-apply recommended hardening for failing checks macdog audit --fix
macdog audit --watch Continuous monitoring, alert on score drop macdog audit --watch --min-score 70
macdog firewall Show firewall status and rules macdog firewall
macdog firewall enable Enable the firewall macdog firewall enable
macdog firewall disable Disable the firewall macdog firewall disable
macdog firewall allow <app> Allow an app through firewall macdog firewall allow /Applications/Slack.app
macdog firewall block <app> Block an app in firewall macdog firewall block /Applications/Suspicious.app
macdog firewall export [file] Export firewall rules to JSON macdog firewall export rules.json
macdog firewall import <file> Import firewall rules from JSON macdog firewall import rules.json
macdog privacy List TCC privacy permissions macdog privacy
macdog privacy revoke <app> <service> Revoke a permission macdog privacy revoke com.app.name Camera
macdog privacy export [file] Export TCC permissions snapshot macdog privacy export perms.json
macdog login List login items and launch agents macdog login
macdog login remove <item> Remove a login item macdog login remove "Some App"
macdog harden Apply security hardening preset macdog harden
macdog harden --dry-run Preview hardening changes macdog harden --dry-run
macdog events Security events: auth, tcc, gatekeeper, xprotect, firewall macdog events
macdog events --last <duration> Filter events by time window macdog events --last 1h
macdog events --type <type> Filter by event type macdog events --type tcc
macdog events --severity <level> Filter by minimum severity (info, warning, critical) macdog events --severity warning
macdog events --json JSON output for scripting macdog events --json

Security Events

View security-related events from the system log:

# Show recent security events
macdog events

# Filter to last hour
macdog events --last 1h

# Filter by event type
macdog events --type auth
macdog events --type tcc
macdog events --type gatekeeper
macdog events --type xprotect
macdog events --type firewall

# Filter by minimum severity
macdog events --severity warning
macdog events --severity critical

# JSON output for scripting
macdog events --json

Event types:

  • auth — Login attempts, sudo usage, authentication failures
  • tcc — TCC permission grants and denials (camera, microphone, etc.)
  • gatekeeper — Gatekeeper checks and notarization events
  • xprotect — XProtect malware detection and remediation events
  • firewall — Firewall blocks and connection denials

Severity levels: info, warning, critical

Events are automatically deduplicated — consecutive same-type events within 30s are collapsed with a count.

Auto-Fix Workflow

Automatically apply recommended fixes for failing audit checks:

# Preview what audit --fix would change
macdog audit --fix --dry-run

# Apply fixes (enables firewall, Gatekeeper, etc.)
macdog audit --fix

Continuous Monitoring

Watch security posture and alert on score drops:

# Alert when score drops below 70
macdog audit --watch --min-score 70

Combine with lanchr create --template monitor-security for persistent monitoring.

Firewall Rule Portability

Export and import firewall rules for backup or migration:

macdog firewall export rules.json
macdog firewall import rules.json

Security Audit Checks

The audit evaluates: FileVault encryption, firewall status, Gatekeeper, SIP, remote login, screen lock, sharing services, and more. Each check gets a pass/fail with explanation.

Safety Guidelines

  • Always --dry-run before --fix: Preview what changes will be applied
  • Audit first: Run macdog audit to understand your current posture before changing anything
  • Firewall changes require sudo: Enabling/disabling firewall needs admin privileges
  • Privacy revocations are immediate: Apps lose access as soon as permissions are revoked
  • Export before import: Back up existing rules before importing new ones

TUI Mode

Launch macdog without arguments for an interactive security dashboard.

Weekly Installs
1
Repository
lu-zhengda/macos-toolkit
First Seen
12 days ago
Security Audits
Gen Agent Trust HubPass
SocketWarn
SnykWarn
Installed on
mcpjam1
claude-code1
junie1
windsurf1
zencoder1
crush1