Seatbelt Sandboxer

What it does

The Seatbelt Sandboxer skill generates macOS Seatbelt sandbox profiles to isolate applications and restrict their access to system resources. It creates minimal, allowlist-based configurations that default to denying all access, requiring explicit permissions for file read/write, network connections, process execution, and other operations. This allows for safe experimentation or testing of potentially untrusted code while preventing malicious actions.

When to use it

• A user requests sandboxing, isolation, or restriction of an application on macOS.
• Sandboxing any macOS process that requires limited file or network access.
• Implementing defense-in-depth security measures against potential supply chain attacks.

Key capabilities

• Generates minimal allowlist-based Seatbelt sandbox profiles.
• Supports parameter substitution (HOME, WORKING_DIR) and path filters for flexible configuration.
• Handles multi-command applications by creating separate profiles per subcommand.
• Provides network isolation options: block all, localhost-only, or unrestricted.
• Includes a step-by-step profiling methodology to identify requirements and iteratively build the sandbox profile.

Example prompts

• "Can you create a Seatbelt sandbox profile for this Python script?"
• "I want to restrict network access for this application; generate a sandbox profile with localhost-only networking."
• “Sandbox this command line tool, allowing it to read only files in the /tmp directory.”

Tips & gotchas

• This skill is specifically designed for macOS and will not work on Linux or Windows.
• Sandboxing introduces overhead; avoid using it for quick one-off scripts where performance is critical.
• Start with a minimal profile and iteratively add permissions based on the application's requirements, following the provided profiling methodology.