macos-spm-app-packaging
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides legitimate developer utility for macOS application packaging. All scripts use standard system tools such as swift, codesign, lipo, and xcrun to perform their tasks.
- [COMMAND_EXECUTION]: The provided templates (e.g., package_app.sh, compile_and_run.sh) execute shell commands to automate the build process, manage application processes, and sign binaries. These actions are transparently documented and directly support the skill's primary purpose.
- [CREDENTIALS_SAFE]: Sensitive information, such as App Store Connect API keys and Sparkle private keys, is handled via environment variables. The sign-and-notarize.sh script follows standard automation practices by temporarily writing credentials to /tmp and utilizing a shell trap to ensure secure deletion upon exit.
Audit Metadata