What is macdog used for?

macdog is a macOS security & privacy toolkit that runs a full audit, reports a security grade, and helps you harden the system by managing firewall, privacy permissions, login items, and events.

How do I automatically fix issues?

Run macdog audit --fix to auto-apply recommended hardening, or fix individual issues with targeted commands like macdog firewall, macdog privacy revoke, or macdog harden.

Which security events can macdog monitor?

macdog can report events such as authentication (auth), TCC permission grants/denials, Gatekeeper, XProtect, and firewall-related events via macdog events.

macdog

Scanned

npx machina-cli add skill lu-zhengda/macos-toolkit/macdog --openclaw

Files (1)

SKILL.md

5.6 KB

macdog — macOS Security & Privacy Suite

Run a full security audit:

!macdog audit 2>&1 || echo "macdog not installed — brew install lu-zhengda/tap/macdog"

Analyze the audit results above. Explain the overall security grade and highlight any failing checks. For each issue, explain the risk and offer to fix it with macdog audit --fix or specific commands.

Commands

Command	Purpose	Example
`macdog audit`	Full security audit with letter grade (A-F)	`macdog audit`
`macdog audit --fix`	Auto-apply recommended hardening for failing checks	`macdog audit --fix`
`macdog audit --watch`	Continuous monitoring, alert on score drop	`macdog audit --watch --min-score 70`
`macdog firewall`	Show firewall status and rules	`macdog firewall`
`macdog firewall enable`	Enable the firewall	`macdog firewall enable`
`macdog firewall disable`	Disable the firewall	`macdog firewall disable`
`macdog firewall allow <app>`	Allow an app through firewall	`macdog firewall allow /Applications/Slack.app`
`macdog firewall block <app>`	Block an app in firewall	`macdog firewall block /Applications/Suspicious.app`
`macdog firewall export [file]`	Export firewall rules to JSON	`macdog firewall export rules.json`
`macdog firewall import <file>`	Import firewall rules from JSON	`macdog firewall import rules.json`
`macdog privacy`	List TCC privacy permissions	`macdog privacy`
`macdog privacy revoke <app> <service>`	Revoke a permission	`macdog privacy revoke com.app.name Camera`
`macdog privacy export [file]`	Export TCC permissions snapshot	`macdog privacy export perms.json`
`macdog login`	List login items and launch agents	`macdog login`
`macdog login remove <item>`	Remove a login item	`macdog login remove "Some App"`
`macdog harden`	Apply security hardening preset	`macdog harden`
`macdog harden --dry-run`	Preview hardening changes	`macdog harden --dry-run`
`macdog events`	Security events: auth, tcc, gatekeeper, xprotect, firewall	`macdog events`
`macdog events --last <duration>`	Filter events by time window	`macdog events --last 1h`
`macdog events --type <type>`	Filter by event type	`macdog events --type tcc`
`macdog events --severity <level>`	Filter by minimum severity (info, warning, critical)	`macdog events --severity warning`
`macdog events --json`	JSON output for scripting	`macdog events --json`

Security Events

View security-related events from the system log:

# Show recent security events
macdog events

# Filter to last hour
macdog events --last 1h

# Filter by event type
macdog events --type auth
macdog events --type tcc
macdog events --type gatekeeper
macdog events --type xprotect
macdog events --type firewall

# Filter by minimum severity
macdog events --severity warning
macdog events --severity critical

# JSON output for scripting
macdog events --json

Event types:

auth — Login attempts, sudo usage, authentication failures
tcc — TCC permission grants and denials (camera, microphone, etc.)
gatekeeper — Gatekeeper checks and notarization events
xprotect — XProtect malware detection and remediation events
firewall — Firewall blocks and connection denials

Severity levels: info, warning, critical

Events are automatically deduplicated — consecutive same-type events within 30s are collapsed with a count.

Auto-Fix Workflow

Automatically apply recommended fixes for failing audit checks:

# Preview what audit --fix would change
macdog audit --fix --dry-run

# Apply fixes (enables firewall, Gatekeeper, etc.)
macdog audit --fix

Continuous Monitoring

Watch security posture and alert on score drops:

# Alert when score drops below 70
macdog audit --watch --min-score 70

Combine with lanchr create --template monitor-security for persistent monitoring.

Firewall Rule Portability

Export and import firewall rules for backup or migration:

macdog firewall export rules.json
macdog firewall import rules.json

Security Audit Checks

The audit evaluates: FileVault encryption, firewall status, Gatekeeper, SIP, remote login, screen lock, sharing services, and more. Each check gets a pass/fail with explanation.

Safety Guidelines

Always --dry-run before --fix: Preview what changes will be applied
Audit first: Run macdog audit to understand your current posture before changing anything
Firewall changes require sudo: Enabling/disabling firewall needs admin privileges
Privacy revocations are immediate: Apps lose access as soon as permissions are revoked
Export before import: Back up existing rules before importing new ones

TUI Mode

Launch macdog without arguments for an interactive security dashboard.

Source

git clone https://github.com/lu-zhengda/macos-toolkit/blob/main/skills/macdog/SKILL.mdView on GitHub

Overview

macdog provides a comprehensive macOS security and privacy assessment. It runs a full audit, reports an overall grade, highlights failing checks, and offers fixes via macdog audit --fix or targeted commands to harden your system, review privacy permissions, firewall status, login items, and events.

How This Skill Works

The tool executes macdog audit to generate a security score and list issues. It analyzes results, explains risks per failure, and suggests fixes; you can apply fixes with macdog audit --fix or run specialized commands (firewall, privacy, login, harden, events) to address each area.

When to Use It

When you want a complete security posture assessment for your Mac (audit and score).
When you need to check current firewall status, rules, and enable/disable rules.
When you want to review and revoke unnecessary TCC/privacy permissions.
When you need to monitor security events or logins and detect issues.
When exporting/importing firewall rules or privacy permissions for backup or transfer.

Quick Start

Step 1: Run a full audit: macdog audit
Step 2: Review results and failing checks with the grade and explanations
Step 3: Apply fixes with macdog audit --fix or use focused commands (macdog firewall enable/Block, macdog privacy revoke, etc.)

Best Practices

Run macdog audit regularly to track security score over time.
Enable the macOS firewall and keep it enabled with appropriate rules.
Review TCC permissions and revoke unnecessary app access.
Use macdog harden to apply a security hardening preset and verify changes.
Enable macdog events watch for continuous monitoring and alerting.

Example Use Cases

macdog audit — yields a letter grade and recommended fixes for failing checks.
macdog firewall enable followed by macdog firewall export firewall.json for backup.
macdog privacy to list current app permissions, then macdog privacy revoke com.app Camera.
macdog login to list login items, then macdog login remove "Some App" to clean up.
macdog events --last 24h --type tcc to review recent privacy permission changes.

Frequently Asked Questions

Add this skill to your agents