Skip to main content

Seatbelt Sandboxer

Plugin Verified Active
Part of:Trailofbits

Generate minimal macOS Seatbelt sandbox configurations for applications

1 Skill 0 MCPs
Purpose

To provide users with a systematic and secure way to isolate macOS applications by generating minimal, effective Seatbelt sandbox configurations.

Features

  • Generates minimal macOS Seatbelt configurations
  • Follows a four-step profiling methodology
  • Supports iterative refinement of sandbox permissions
  • Provides guidance on testing and common failure modes

Use Cases

  • Isolating macOS applications that execute untrusted third-party code
  • Reducing the attack surface of high-risk applications on macOS
  • Creating targeted sandboxes for specific macOS processes

Non-Goals

  • Sandboxing applications on Linux or Windows
  • Running untrusted processes directly without profiling
  • Replacing containerization solutions for Linux environments

Trust

  • info:Issues Attention13 issues opened and 4 closed in the last 90 days, indicating a closure rate below 50% with a moderate number of open issues.

Installation

First, add the marketplace

/plugin marketplace add trailofbits/skills
/plugin install seatbelt-sandboxer@trailofbits

Contains 1 extensions

Skill (1)

Seatbelt Sandboxer Skill

Generates minimal macOS Seatbelt sandbox configurations. Use when sandboxing, isolating, or restricting macOS applications with allowlist-based profiles.

97

Quality Score

Verified
95 /100
Analyzed about 14 hours ago

Trust Signals

Last commit3 days ago
GitHub owner trailofbits (opens in new tab)
Stars5.2k
LicenseCC-BY-SA-4.0
Status
View Source

Similar Extensions

Dotforge Stack Python Fastapi

100

Python 3.12+ with FastAPI, async/await, type hints, and Ruff linting rules for Claude Code.

Plugin
luiseiman

Dotforge

100

Node.js 20+ with Express/Fastify, TypeScript, and ESM module rules for Claude Code.

Plugin
luiseiman

Msapps Swift Lsp

100

Swift Language Server Protocol integration — code intelligence, completions, diagnostics, and refactoring for iOS and macOS projects

Plugin
davepoon

Ruflo Agent

99

Agent runtimes for ruflo — local WASM-sandboxed agents (rvagent: 10 wasm_agent_*/wasm_gallery_* MCP tools, built on @ruvector/rvagent-wasm + @ruvector/ruvllm-wasm per ADR-070) plus Anthropic Claude Managed Agents as a cloud backend (managed_agent_* MCP tools per ADR-115). One interface, local-vs-cloud runtimes.

Plugin
ruvnet

Context Mode

98

MCP server that saves 98% of your context window with session continuity. Sandboxed code execution in 11 languages, FTS5 knowledge base with BM25 ranking, and automatic state restore across compactions.

Plugin
mksglu

Msapps Vm Disk Cleanup

93

Fix disk-full errors in Cowork VMs and Claude Code sandboxes — clean caches, temp files, and reclaim space automatically

Plugin
davepoon

© 2025 SkillRepo · Find the right skill, skip the noise.