← Back to Skills Marketplace
matthewxmurphy

Mac Multi User Agents

by Matthew Murphy · GitHub ↗ · v1.1.0
cross-platform ⚠ suspicious
391
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install mac-multi-user-agents
Description
Configure a powerful macOS machine to host multiple dedicated OpenClaw agent users with Fast User Switching, a shared Homebrew toolchain, per-user OpenClaw h...
README (SKILL.md)

Mac Multi User Agents

Use this skill when one Mac should support multiple dedicated OpenClaw agent users.

This skill is for the pattern you described on the MacBook Pro:

  • one strong Mac
  • several agent users
  • Fast User Switching
  • one shared /opt/homebrew toolchain
  • separate ~/.openclaw, SSH, browser, and session state per user

It does not try to hide the fact that macOS user management still requires admin access.

Use This Skill For

  • preparing a MacBook Pro to host 2-4 dedicated agent users
  • estimating a sane number of agent users from the Mac's CPU and RAM
  • keeping one shared Homebrew toolchain while isolating per-user OpenClaw state
  • rendering or executing repeatable user-create commands instead of clicking around in System Settings
  • checking whether a user has the required shell/tool paths
  • documenting and auditing per-user rollout

Do Not Use This Skill For

  • creating production macOS MDM policy
  • bypassing sudo or admin approval for user creation
  • pretending multiple agents should share one login
  • turning the Mac into a shared human workstation and agent host without boundaries

Requirements

  • admin access on the Mac
  • Homebrew installed at /opt/homebrew
  • OpenClaw installed in the shared toolchain
  • enough RAM, storage, and browser capacity for the planned agent count

Design Rules

  • one macOS user per agent
  • one ~/.openclaw per agent
  • one ~/.ssh per agent
  • one browser profile set per agent
  • shared /opt/homebrew only for binaries and formulae
  • no shared session files between agents

Workflow

1. Inspect The Host

Run:

scripts/detect-host.sh
scripts/recommend-layout.sh

This reports:

  • current user list
  • whether Homebrew/OpenClaw are on the shared path
  • current Fast User Switching state
  • current hostname and shell layout
  • a recommended range for additional agent users based on CPU/RAM

2. Render Or Execute User Creation

Do not improvise account creation from memory.

Render the commands first:

scripts/render-user-create.sh --user agent3 --full-name "Agent 3"
scripts/render-user-create.sh --user agent4 --full-name "Agent 4" --admin no

This prints a repeatable sysadminctl-based flow and the baseline directories to create afterward.

If you want the skill to actually create the user, use:

export AGENT_PASSWORD='set-a-real-password'
scripts/create-user.sh --user agent3 --full-name "Agent 3" --password-env AGENT_PASSWORD

Or dry-run first:

scripts/create-user.sh --user agent3 --full-name "Agent 3" --password-env AGENT_PASSWORD --dry-run

This keeps the process auditable and avoids hand-built user creation every time.

3. Keep The Toolchain Shared

Recommended shared toolchain:

  • /opt/homebrew/bin/brew
  • /opt/homebrew/bin/node
  • /opt/homebrew/bin/npm
  • /opt/homebrew/bin/openclaw

Read references/shared-homebrew.md before changing ownership or permissions under /opt/homebrew.

4. Bootstrap Per-User State

For each agent user, create or verify:

  • ~/.ssh
  • ~/.openclaw
  • shell PATH that includes /opt/homebrew/bin
  • authorized keys if cross-host or gateway SSH is required

Use:

scripts/verify-user-shell.sh --user agent3

to check the resulting shell/tool state.

5. Enable Fast User Switching

Read references/fast-user-switching.md.

The purpose is:

  • easy hop between agent users
  • no need to log out the whole Mac
  • clear separation of browser/session state

6. Leave Receipts

Use:

scripts/write-receipt.sh --action "create-user" --status ok --detail "Prepared agent3 on MacBook Pro"
scripts/write-receipt.sh --action "verify-user-shell" --status ok --detail "agent3 sees brew node openclaw"

Security Rules

  • do not give every agent user admin unless there is a real reason
  • keep /opt/homebrew shared, but keep ~/.openclaw private per user
  • do not share browser profiles between agent users
  • keep SSH keys per user, not one copied private key everywhere
  • if one user is removed, cleanup should not break the other users

Rollback

A single agent user should be removable without reinstalling the Mac.

Baseline rollback:

  • remove that user
  • remove that user’s ~/.openclaw
  • remove that user’s SSH keys and browser state
  • keep shared Homebrew intact

Files

  • scripts/detect-host.sh: inspect the Mac and shared toolchain state
  • scripts/recommend-layout.sh: suggest a sane agent-user count from hardware
  • scripts/render-user-create.sh: print repeatable user-creation commands
  • scripts/create-user.sh: actually create and bootstrap an agent user with sysadminctl
  • scripts/verify-user-shell.sh: verify a target user sees the expected toolchain
  • scripts/write-receipt.sh: append JSONL receipts for rollout work
  • references/fast-user-switching.md: practical guidance for multi-user Mac agent hosts
  • references/shared-homebrew.md: rules for one shared Homebrew toolchain across agent users
Usage Guidance
This skill appears to do what it says: create and bootstrap macOS agent users using admin privileges and a shared Homebrew. Before using it: (1) review the scripts yourself — they run sudo/sysadminctl and modify user dotfiles and home directories; (2) run the detection and render scripts first (dry-run) to see what will happen; (3) when creating users, supply a password via an environment variable as instructed (e.g., export AGENT_PASSWORD) rather than embedding plaintext passwords; (4) back up any ~/.zprofile or other user files you care about because the scripts append PATH modifications; (5) verify /opt/homebrew and OpenClaw locations match your environment; (6) confirm you have full admin consent for creating accounts on the machine; and (7) consider testing on a disposable machine or VM before rolling out to a production laptop.
Capability Analysis
Type: OpenClaw Skill Name: mac-multi-user-agents Version: 1.1.0 The skill bundle provides scripts to perform high-privilege macOS administrative tasks, specifically creating new user accounts and granting them admin rights using 'sysadminctl' and 'dseditgroup' (scripts/create-user.sh). While these actions are consistent with the stated goal of managing multi-user agent environments, the capability to programmatically create accounts and modify system-level permissions represents a significant attack surface if the agent is misdirected. No evidence of data exfiltration, obfuscation, or intentional backdoors was found, but the inherent risk of the administrative tools warrants a cautious classification.
Capability Assessment
Purpose & Capability
The name/description (multi-user macOS agent host) matches the included scripts and documentation: inspecting host, recommending layout, rendering/creating users, verifying shells, and writing local receipts. Required capabilities (admin, Homebrew at /opt/homebrew, OpenClaw installed) are consistent with the task.
Instruction Scope
Instructions and scripts perform privileged local actions (sysadminctl, dseditgroup, dscl) and edit per-user dotfiles (~/.zprofile), create ~/.ssh and ~/.openclaw, and write local JSONL receipts. These are expected for account provisioning but are intrusive (modify user shells and home directories); review and run dry-runs first.
Install Mechanism
This is instruction-only with no install spec. All delivered artifacts are small scripts and docs; nothing is downloaded or extracted from external URLs.
Credentials
The skill declares no required env vars, which aligns with registry metadata. The create-user flow expects the operator to supply a password via an environment variable (e.g., export AGENT_PASSWORD) at runtime — this is reasonable but the registry metadata does not list a primary credential, so users should be aware they'll need to provide the password env themselves. write-receipt.sh honors RECEIPT_ROOT if set (optional). No other secrets or remote tokens are requested.
Persistence & Privilege
always:false (default) and the skill does not attempt to persist itself beyond writing local receipts and per-user dotfile changes. It does require admin privileges to create users, which is appropriate for its stated purpose.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install mac-multi-user-agents
  3. After installation, invoke the skill by name or use /mac-multi-user-agents
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
# mac-multi-user-agents 1.1.0 - Added ClawHub card emoji metadata. - No behavior change; this is a presentation and registry metadata update.
v1.0.0
Initial release. ## Added - Hardware-based recommendation script for estimating safe concurrent agent-user counts. - Repeatable dry-run rendering for macOS account creation. - Executable user creation script using `sysadminctl` with per-user OpenClaw and SSH bootstrap. - Verification tooling for shared Homebrew/OpenClaw path visibility. - Fast User Switching and shared Homebrew references for multi-agent Mac hosts. - Receipt logging for user rollout and verification work.
Metadata
Slug mac-multi-user-agents
Version 1.1.0
License
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Mac Multi User Agents?

Configure a powerful macOS machine to host multiple dedicated OpenClaw agent users with Fast User Switching, a shared Homebrew toolchain, per-user OpenClaw h... It is an AI Agent Skill for Claude Code / OpenClaw, with 391 downloads so far.

How do I install Mac Multi User Agents?

Run "/install mac-multi-user-agents" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Mac Multi User Agents free?

Yes, Mac Multi User Agents is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Mac Multi User Agents support?

Mac Multi User Agents is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Mac Multi User Agents?

It is built and maintained by Matthew Murphy (@matthewxmurphy); the current version is v1.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments