macos-admin
System preferences, users, disk utility, SIP, Gatekeeper, FileVault, console logs
Best use case
macos-admin is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
System preferences, users, disk utility, SIP, Gatekeeper, FileVault, console logs
Teams using macos-admin should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/macos-admin/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How macos-admin Compares
| Feature / Agent | macos-admin | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
System preferences, users, disk utility, SIP, Gatekeeper, FileVault, console logs
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
## Purpose
This skill handles macOS system administration tasks, including managing preferences, users, disks, and security features like SIP, Gatekeeper, FileVault, and console logs.
## When to Use
Use this skill for automating macOS admin operations in scripts, such as configuring system settings during deployment, managing user accounts in enterprise environments, or troubleshooting security issues via logs.
## Key Capabilities
- Manage system preferences via `systemsetup` for settings like time zone or energy saver.
- Handle users and groups using `dscl` for creating, deleting, or modifying accounts.
- Perform disk operations with `diskutil` for mounting, verifying, or encrypting volumes.
- Control SIP (System Integrity Protection) with `csrutil` to enable/disable for kernel extensions.
- Manage Gatekeeper via `spctl` to assess app security policies.
- Handle FileVault encryption using `fdesetup` for status checks and enablement.
- Access console logs with `log` command for system diagnostics.
## Usage Patterns
Invoke this skill in shell scripts or Python subprocess calls, always with elevated privileges (e.g., via `sudo`). For example, wrap commands in a function that checks for admin rights first. Use environment variables for configuration, like `$ADMIN_PASSWORD` for scripts requiring authentication. Pattern: Check prerequisites (e.g., OS version with `sw_vers`), execute the command, and parse output for automation.
## Common Commands/API
Use `sudo` for most commands due to admin requirements. Here's how to accomplish key tasks:
- Create a user: `dscl . -create /Users/newuser; dscl . -create /Users/newuser UserShell /bin/bash; dscl . -create /Users/newuser RealName "New User"`
- Check SIP status: `csrutil status` (output: "System Integrity Protection: enabled")
- Enable FileVault: `sudo fdesetup enable -user username -pass $ADMIN_PASSWORD`
- Manage Gatekeeper: `spctl --assess --verbose /path/to/app` to verify app allowance
- Mount a disk: `diskutil mount disk1s1`
- View console logs: `log show --predicate 'subsystem == "com.apple.console"' --last 1h`
- Change system preference (e.g., computer name): `sudo scutil --set ComputerName NewName`
Code snippet for user creation in Python:
```python
import subprocess
subprocess.run(['sudo', 'dscl', '.', '-create', '/Users/newuser'])
subprocess.run(['sudo', 'dscl', '.', '-create', '/Users/newuser', 'RealName', 'New User'])
```
Code snippet for SIP check:
```python
import os
result = os.popen('csrutil status').read()
if 'enabled' in result:
print("SIP is active")
```
## Integration Notes
Integrate by calling macOS CLI tools from your AI agent's code via subprocess or os.system. For scripts, ensure the agent runs with admin privileges; use `sudo` and pass credentials via env vars like `$ADMIN_PASSWORD`. Config formats: Use plist files for preferences (e.g., edit `/Library/Preferences/com.apple.loginwindow.plist` with `defaults write`). For API-like access, leverage AppleScript via `osascript`, e.g., `osascript -e 'tell application "System Preferences" to activate'`. If combining with other skills, pipe output to tools like `jq` for JSON parsing of log data.
## Error Handling
Always check command exit codes; for example, use `subprocess.run(..., check=True)` in Python to raise exceptions on failure. Common errors: Permission denied (code 1) – prompt for sudo or check `$EUID` for root status. Handle SIP-related errors by verifying status first. For disk operations, catch I/O errors with try-except blocks. Example: If `diskutil` fails, log the error and retry after user confirmation. Use `2>&1` to capture stderr in scripts, e.g., `command 2>&1 | grep error`.
## Concrete Usage Examples
1. Automate user creation for a new employee: First, check if the user exists with `dscl . -read /Users/username`, then create if not: `sudo dscl . -create /Users/newuser && sudo dscl . -passwd /Users/newuser $NEW_PASSWORD`. Use in a script to handle onboarding.
2. Secure a system by enabling FileVault: Run `sudo fdesetup status` to check current state, then if disabled, execute `sudo fdesetup enable -user admin -pass $ADMIN_PASSWORD` to encrypt the drive, ensuring data protection.
## Graph Relationships
- Related to: macos-core (for general macOS utilities), security-tools (for Gatekeeper and SIP integration), user-management (for dscl operations).
- Depends on: system-services (for console logs access).
- Conflicts with: non-macos skills due to OS-specific commands.Related Skills
ssh-server-admin
Securely connect to and manage remote Linux/Unix servers via SSH. Execute commands, transfer files (SCP/SFTP), set up port forwarding and tunnels. Use when the user asks to SSH into a server, connect to a remote machine, run remote commands, upload/download files to servers, set up tunnels, or perform server administration tasks. Works on Windows, macOS, and Linux.
rails-admin-scaffold
Generate a full-featured CRUD admin panel for Rails 6.1+ applications with auto-detection of CSS frameworks, pagination gems, and smart field mapping
home-network-admin
Manage and troubleshoot Tim's home network, SSH into devices, administer the Synology NAS, and work with Tailscale. Use when the user wants to (1) SSH into or run commands on remote machines (synology, dobro), (2) manage the Synology NAS (files, packages, Docker, backups, Surveillance Station), (3) troubleshoot network connectivity or DNS, (4) check Tailscale status or manage the tailnet, (5) transfer files between machines, (6) check device health or disk usage, (7) manage the Caddy reverse proxy on dobro (*.hopperhosted.com), (8) any home server or home network administration task.
api-admin-ops
Autonomous API administration agent for monitoring, managing, and troubleshooting third-party API integrations. Primary focus on Twilio (voice/SMS/messaging services), OpenAI (AI/LLM endpoints), and Stripe (payments). Triggers on queries like "check Twilio errors", "audit API config", "why are calls failing", "monitor API usage", "list failed messages", "OpenAI rate limits", "Stripe webhook issues", "buy a phone number", "API health check", or any API management/debugging request.
anthropic_administrator-automation
Automate Anthropic Admin tasks via Rube MCP (Composio): API keys, usage, workspaces, and organization management. Always search tools first for current schemas.
admin-interface-rules
Rules for the Admin interface functionalities
admin-dashboard
Extend and modify the admin dashboard, developer portal, and operations console. Use when adding new admin tabs, metrics, monitoring features, or internal tools. Activates for dashboard development, analytics, user management, and internal tooling.
admin-crud
Generate admin dashboard pages with data tables, filters, bulk actions, dialogs, and forms. Use when building admin interfaces, management pages, or dashboard components.
admin-design
Minimal, high-clarity admin UI design for this repo. Use when redesigning /admin pages (translation manager, dashboards, tables, forms), defining admin design tokens, or improving admin UX/keyboard workflows without changing core functionality.
admin-chat-ui-flow
Padroniza UX visual e fluxo da tela de chat admin com estilo da area cliente.
database-admin
Expert database administrator specializing in modern cloud databases, automation, and reliability engineering. Masters AWS/Azure/GCP database services, Infrastructure as Code, high availability, disaster recovery, performance optimization, and compliance. Handles multi-cloud strategies, container databases, and cost optimization. Use PROACTIVELY for database architecture, operations, or reliability engineering.
agent-database-administrator
Expert database administrator specializing in high-availability systems, performance optimization, and disaster recovery. Masters PostgreSQL, MySQL, MongoDB, and Redis with focus on reliability, scalability, and operational excellence.