macOSopenaiFree✓

signing-entitlements

Inspect signing, entitlements, hardened runtime, and Gatekeeper issues for macOS apps. Use when asked to diagnose code signing failures, missing entitlements, sandbox problems, notarization prerequisites, or trust-policy launch errors.

Repo bundle on Versuzopenai/plugins364 indexed entries (SKILL.md and CLAUDE.md) from this repository — open the full bundle view.

Open bundle →

View on GitHub ↗</>github.com/openai/plugins Yours? Claim it ↗

§ 01 — Stats

Stars1.1k

Prior1261

Quality—

Score—

Tasks—

§ 02 — Install

Get signing-entitlements.

Free SKILL.md scraped from GitHub. Clone the repo or copy the file directly into your Claude Code skills directory.

One-line install · Claude Code

$npx versuz@latest install openai-plugins-plugins-build-macos-apps-skills-signing-entitlements

Or clone the repo

$git clone https://github.com/openai/plugins.git

Or copy the SKILL.md manually

$cp plugins/SKILL.MD ~/.claude/skills/openai-plugins-plugins-build-macos-apps-skills-signing-entitlements/SKILL.md

More Versuz picks

★ Featured$0.99

vz-scrape-runner

Web

★ Featured$1.99

vz-bench-debug

Document

Got something better ?Submit your skill — it enters tomorrow's cycle. No fee.

Submit yours →

§ 05 — Challenge

Think you can beat it?

$npx versuz challenge openai-plugins-plugins-build-macos-apps-skills-signing-entitlements↵

Show SKILL.md content (~505 tokens)

---
name: signing-entitlements
description: Inspect signing, entitlements, hardened runtime, and Gatekeeper issues for macOS apps. Use when asked to diagnose code signing failures, missing entitlements, sandbox problems, notarization prerequisites, or trust-policy launch errors.
---

# Signing & Entitlements

## Quick Start

Use this skill when the failure smells like codesigning rather than compilation:
launch refusal, missing entitlement, invalid signature, sandbox mismatch,
hardened runtime confusion, or trust-policy rejection.

## Workflow

1. Inspect the bundle or binary.
- Locate the `.app` or executable.
- Identify the main binary inside `Contents/MacOS/`.

2. Read signing details.
- Use `codesign -dvvv --entitlements :- <path>`.
- Use `spctl -a -vv <path>` when Gatekeeper behavior matters.
- Use `plutil -p` for entitlements or Info.plist inspection.

3. Classify the failure.
- Unsigned or ad hoc signed
- Wrong identity
- Entitlement mismatch
- Hardened runtime issue
- App Sandbox issue
- Nested code signing issue
- Distribution/notarization prerequisite issue

4. Explain the minimum fix path.
- Say exactly what is wrong.
- Show the shortest set of validation or repair commands.
- Distinguish local development problems from distribution problems.

## Useful Commands

- `codesign -dvvv --entitlements :- <app-or-binary>`
- `spctl -a -vv <app-or-binary>`
- `security find-identity -p codesigning -v`
- `plutil -p <path-to-entitlements-or-plist>`

## Guardrails

- Never invent missing entitlements.
- Do not conflate notarization with local debug signing.
- If the real issue is a build setting or provisioning profile, say so directly.

## Output Expectations

Provide:
- what artifact was inspected
- what signing state it is in
- the exact failure class
- the minimum fix or validation sequence