← 返回 Skills 市场

Mac Multi User Agents

Name: Mac Multi User Agents
Author: matthewxmurphy

作者 Matthew Murphy · GitHub ↗ · v1.1.0

cross-platform ⚠ suspicious

391

总下载

当前安装

版本数

在 OpenClaw 中安装

/install mac-multi-user-agents

功能描述

Configure a powerful macOS machine to host multiple dedicated OpenClaw agent users with Fast User Switching, a shared Homebrew toolchain, per-user OpenClaw h...

使用说明 (SKILL.md)

Mac Multi User Agents

Use this skill when one Mac should support multiple dedicated OpenClaw agent users.

This skill is for the pattern you described on the MacBook Pro:

one strong Mac
several agent users
Fast User Switching
one shared /opt/homebrew toolchain
separate ~/.openclaw, SSH, browser, and session state per user

It does not try to hide the fact that macOS user management still requires admin access.

Use This Skill For

preparing a MacBook Pro to host 2-4 dedicated agent users
estimating a sane number of agent users from the Mac's CPU and RAM
keeping one shared Homebrew toolchain while isolating per-user OpenClaw state
rendering or executing repeatable user-create commands instead of clicking around in System Settings
checking whether a user has the required shell/tool paths
documenting and auditing per-user rollout

Do Not Use This Skill For

creating production macOS MDM policy
bypassing sudo or admin approval for user creation
pretending multiple agents should share one login
turning the Mac into a shared human workstation and agent host without boundaries

Requirements

admin access on the Mac
Homebrew installed at /opt/homebrew
OpenClaw installed in the shared toolchain
enough RAM, storage, and browser capacity for the planned agent count

Design Rules

one macOS user per agent
one ~/.openclaw per agent
one ~/.ssh per agent
one browser profile set per agent
shared /opt/homebrew only for binaries and formulae
no shared session files between agents

Workflow

1. Inspect The Host

Run:

scripts/detect-host.sh
scripts/recommend-layout.sh

This reports:

current user list
whether Homebrew/OpenClaw are on the shared path
current Fast User Switching state
current hostname and shell layout
a recommended range for additional agent users based on CPU/RAM

2. Render Or Execute User Creation

Do not improvise account creation from memory.

Render the commands first:

scripts/render-user-create.sh --user agent3 --full-name "Agent 3"
scripts/render-user-create.sh --user agent4 --full-name "Agent 4" --admin no

This prints a repeatable sysadminctl-based flow and the baseline directories to create afterward.

If you want the skill to actually create the user, use:

export AGENT_PASSWORD='set-a-real-password'
scripts/create-user.sh --user agent3 --full-name "Agent 3" --password-env AGENT_PASSWORD

Or dry-run first:

scripts/create-user.sh --user agent3 --full-name "Agent 3" --password-env AGENT_PASSWORD --dry-run

This keeps the process auditable and avoids hand-built user creation every time.

3. Keep The Toolchain Shared

Recommended shared toolchain:

/opt/homebrew/bin/brew
/opt/homebrew/bin/node
/opt/homebrew/bin/npm
/opt/homebrew/bin/openclaw

Read references/shared-homebrew.md before changing ownership or permissions under /opt/homebrew.

4. Bootstrap Per-User State

For each agent user, create or verify:

~/.ssh
~/.openclaw
shell PATH that includes /opt/homebrew/bin
authorized keys if cross-host or gateway SSH is required

Use:

scripts/verify-user-shell.sh --user agent3

to check the resulting shell/tool state.

5. Enable Fast User Switching

Read references/fast-user-switching.md.

The purpose is:

easy hop between agent users
no need to log out the whole Mac
clear separation of browser/session state

6. Leave Receipts

Use:

scripts/write-receipt.sh --action "create-user" --status ok --detail "Prepared agent3 on MacBook Pro"
scripts/write-receipt.sh --action "verify-user-shell" --status ok --detail "agent3 sees brew node openclaw"

Security Rules

do not give every agent user admin unless there is a real reason
keep /opt/homebrew shared, but keep ~/.openclaw private per user
do not share browser profiles between agent users
keep SSH keys per user, not one copied private key everywhere
if one user is removed, cleanup should not break the other users

Rollback

A single agent user should be removable without reinstalling the Mac.

Baseline rollback:

remove that user
remove that user’s ~/.openclaw
remove that user’s SSH keys and browser state
keep shared Homebrew intact

Files

scripts/detect-host.sh: inspect the Mac and shared toolchain state
scripts/recommend-layout.sh: suggest a sane agent-user count from hardware
scripts/render-user-create.sh: print repeatable user-creation commands
scripts/create-user.sh: actually create and bootstrap an agent user with sysadminctl
scripts/verify-user-shell.sh: verify a target user sees the expected toolchain
scripts/write-receipt.sh: append JSONL receipts for rollout work
references/fast-user-switching.md: practical guidance for multi-user Mac agent hosts
references/shared-homebrew.md: rules for one shared Homebrew toolchain across agent users

安全使用建议

This skill appears to do what it says: create and bootstrap macOS agent users using admin privileges and a shared Homebrew. Before using it: (1) review the scripts yourself — they run sudo/sysadminctl and modify user dotfiles and home directories; (2) run the detection and render scripts first (dry-run) to see what will happen; (3) when creating users, supply a password via an environment variable as instructed (e.g., export AGENT_PASSWORD) rather than embedding plaintext passwords; (4) back up any ~/.zprofile or other user files you care about because the scripts append PATH modifications; (5) verify /opt/homebrew and OpenClaw locations match your environment; (6) confirm you have full admin consent for creating accounts on the machine; and (7) consider testing on a disposable machine or VM before rolling out to a production laptop.

功能分析

Type: OpenClaw Skill Name: mac-multi-user-agents Version: 1.1.0 The skill bundle provides scripts to perform high-privilege macOS administrative tasks, specifically creating new user accounts and granting them admin rights using 'sysadminctl' and 'dseditgroup' (scripts/create-user.sh). While these actions are consistent with the stated goal of managing multi-user agent environments, the capability to programmatically create accounts and modify system-level permissions represents a significant attack surface if the agent is misdirected. No evidence of data exfiltration, obfuscation, or intentional backdoors was found, but the inherent risk of the administrative tools warrants a cautious classification.

能力评估

✓ Purpose & Capability

The name/description (multi-user macOS agent host) matches the included scripts and documentation: inspecting host, recommending layout, rendering/creating users, verifying shells, and writing local receipts. Required capabilities (admin, Homebrew at /opt/homebrew, OpenClaw installed) are consistent with the task.

ℹ Instruction Scope

Instructions and scripts perform privileged local actions (sysadminctl, dseditgroup, dscl) and edit per-user dotfiles (~/.zprofile), create ~/.ssh and ~/.openclaw, and write local JSONL receipts. These are expected for account provisioning but are intrusive (modify user shells and home directories); review and run dry-runs first.

✓ Install Mechanism

This is instruction-only with no install spec. All delivered artifacts are small scripts and docs; nothing is downloaded or extracted from external URLs.

ℹ Credentials

The skill declares no required env vars, which aligns with registry metadata. The create-user flow expects the operator to supply a password via an environment variable (e.g., export AGENT_PASSWORD) at runtime — this is reasonable but the registry metadata does not list a primary credential, so users should be aware they'll need to provide the password env themselves. write-receipt.sh honors RECEIPT_ROOT if set (optional). No other secrets or remote tokens are requested.

✓ Persistence & Privilege

always:false (default) and the skill does not attempt to persist itself beyond writing local receipts and per-user dotfile changes. It does require admin privileges to create users, which is appropriate for its stated purpose.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install mac-multi-user-agents
安装完成后，直接呼叫该 Skill 的名称或使用 /mac-multi-user-agents 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.1.0

# mac-multi-user-agents 1.1.0 - Added ClawHub card emoji metadata. - No behavior change; this is a presentation and registry metadata update.

v1.0.0

Initial release. ## Added - Hardware-based recommendation script for estimating safe concurrent agent-user counts. - Repeatable dry-run rendering for macOS account creation. - Executable user creation script using `sysadminctl` with per-user OpenClaw and SSH bootstrap. - Verification tooling for shared Homebrew/OpenClaw path visibility. - Fast User Switching and shared Homebrew references for multi-agent Mac hosts. - Receipt logging for user rollout and verification work.

元数据

Slug mac-multi-user-agents

版本 1.1.0

许可证 —

累计安装 0

当前安装数 0

历史版本数 2

常见问题