
signing-entitlements
✓ Official★ 4,000by openai · part of openai/plugins
Inspect signing, entitlements, hardened runtime, and Gatekeeper issues for macOS apps. Use when asked to diagnose code signing failures, missing entitlements,…
This is the playbook your agent receives when the skill activates — you don't need to read it to use the skill, but it's here to audit before installing.
name: signing-entitlements description: Inspect macOS signing, entitlements, and Gatekeeper issues. Use when diagnosing code signing, sandbox, hardened runtime, or trust failures.
Signing & Entitlements
Workflow
-
Inspect the bundle or binary.
- Locate the
.appor executable. - Identify the main binary inside
Contents/MacOS/.
- Locate the
-
Read signing details.
- Use
codesign -dvvv --entitlements :- <path>. - Use
spctl -a -vv <path>when Gatekeeper behavior matters. - Use
plutil -pfor entitlements or Info.plist inspection.
- Use
-
Classify the failure.
- Unsigned or ad hoc signed
- Wrong identity
- Entitlement mismatch
- Hardened runtime issue
- App Sandbox issue
- Nested code signing issue
- Distribution/notarization prerequisite issue
-
Explain the minimum fix path.
- Say exactly what is wrong.
- Show the shortest set of validation or repair commands.
- Distinguish local development problems from distribution problems.
Useful Commands
codesign -dvvv --entitlements :- <app-or-binary>spctl -a -vv <app-or-binary>security find-identity -p codesigning -vplutil -p <path-to-entitlements-or-plist>
Guardrails
- Never invent missing entitlements.
- Do not conflate notarization with local debug signing.
- If the real issue is a build setting or provisioning profile, say so directly.
Output Expectations
Provide:
- what artifact was inspected
- what signing state it is in
- the exact failure class
- the minimum fix or validation sequence
npx skills add https://github.com/openai/plugins --skill signing-entitlementsRun this in your project — your agent picks the skill up automatically.
Quick Start
Use this skill when the failure smells like codesigning rather than compilation: launch refusal, missing entitlement, invalid signature, sandbox mismatch, hardened runtime confusion, or trust-policy rejection.
No common issues documented yet. If you hit a problem, the repository's GitHub Issues page is the best place to look.