返回 Skill 列表
extension
分类: 开发与工程无需 API Key

macdog

当用户要求“运行安全审计”、“检查防火墙状态”、“启用防火墙”、“审查隐私权限”、“检查哪些应用程序有摄像头访问权限”、“列出登录项”、“加强我的Mac”、“检查安全设置”、“撤销应用程序权限”、“自动修复安全问题”、“导出防火墙规则”、“导入防火墙规则”、“导出隐私权限”、“监控安全评分”、“安全事件”、“登录尝试”、“权限更改”、“防火墙阻止”、“应用程序安装历史”、“TCC事件”,或提到macdog、macOS安全、隐私审计、TCC权限、系统加固、防火墙导出、持续安全监控或安全事件日志时,应使用此技能。

person作者: jakexiaohubgithub

macdog — macOS Security & Privacy Suite

Run a full security audit:

!macdog audit 2>&1 || echo "macdog not installed — brew install lu-zhengda/tap/macdog"

Analyze the audit results above. Explain the overall security grade and highlight any failing checks. For each issue, explain the risk and offer to fix it with macdog audit --fix or specific commands.

Commands

| Command | Purpose | Example | |---------|---------|---------| | macdog audit | Full security audit with letter grade (A-F) | macdog audit | | macdog audit --fix | Auto-apply recommended hardening for failing checks | macdog audit --fix | | macdog audit --watch | Continuous monitoring, alert on score drop | macdog audit --watch --min-score 70 | | macdog firewall | Show firewall status and rules | macdog firewall | | macdog firewall enable | Enable the firewall | macdog firewall enable | | macdog firewall disable | Disable the firewall | macdog firewall disable | | macdog firewall allow <app> | Allow an app through firewall | macdog firewall allow /Applications/Slack.app | | macdog firewall block <app> | Block an app in firewall | macdog firewall block /Applications/Suspicious.app | | macdog firewall export [file] | Export firewall rules to JSON | macdog firewall export rules.json | | macdog firewall import <file> | Import firewall rules from JSON | macdog firewall import rules.json | | macdog privacy | List TCC privacy permissions | macdog privacy | | macdog privacy revoke <app> <service> | Revoke a permission | macdog privacy revoke com.app.name Camera | | macdog privacy export [file] | Export TCC permissions snapshot | macdog privacy export perms.json | | macdog login | List login items and launch agents | macdog login | | macdog login remove <item> | Remove a login item | macdog login remove "Some App" | | macdog harden | Apply security hardening preset | macdog harden | | macdog harden --dry-run | Preview hardening changes | macdog harden --dry-run | | macdog events | Security events: auth, tcc, gatekeeper, xprotect, firewall | macdog events | | macdog events --last <duration> | Filter events by time window | macdog events --last 1h | | macdog events --type <type> | Filter by event type | macdog events --type tcc | | macdog events --severity <level> | Filter by minimum severity (info, warning, critical) | macdog events --severity warning | | macdog events --json | JSON output for scripting | macdog events --json |

Security Events

View security-related events from the system log:

# Show recent security events
macdog events

# Filter to last hour
macdog events --last 1h

# Filter by event type
macdog events --type auth
macdog events --type tcc
macdog events --type gatekeeper
macdog events --type xprotect
macdog events --type firewall

# Filter by minimum severity
macdog events --severity warning
macdog events --severity critical

# JSON output for scripting
macdog events --json

Event types:

  • auth — Login attempts, sudo usage, authentication failures
  • tcc — TCC permission grants and denials (camera, microphone, etc.)
  • gatekeeper — Gatekeeper checks and notarization events
  • xprotect — XProtect malware detection and remediation events
  • firewall — Firewall blocks and connection denials

Severity levels: info, warning, critical

Events are automatically deduplicated — consecutive same-type events within 30s are collapsed with a count.

Auto-Fix Workflow

Automatically apply recommended fixes for failing audit checks:

# Preview what audit --fix would change
macdog audit --fix --dry-run

# Apply fixes (enables firewall, Gatekeeper, etc.)
macdog audit --fix

Continuous Monitoring

Watch security posture and alert on score drops:

# Alert when score drops below 70
macdog audit --watch --min-score 70

Combine with lanchr create --template monitor-security for persistent monitoring.

Firewall Rule Portability

Export and import firewall rules for backup or migration:

macdog firewall export rules.json
macdog firewall import rules.json

Security Audit Checks

The audit evaluates: FileVault encryption, firewall status, Gatekeeper, SIP, remote login, screen lock, sharing services, and more. Each check gets a pass/fail with explanation.

Safety Guidelines

  • Always --dry-run before --fix: Preview what changes will be applied
  • Audit first: Run macdog audit to understand your current posture before changing anything
  • Firewall changes require sudo: Enabling/disabling firewall needs admin privileges
  • Privacy revocations are immediate: Apps lose access as soon as permissions are revoked
  • Export before import: Back up existing rules before importing new ones

TUI Mode

Launch macdog without arguments for an interactive security dashboard.