Jamf Script Safety Reviewer is a skill that performs defensive pre-deployment review of scripts used with Jamf Pro, Self Service, Kandji, and Iru. It is designed for Mac admins who want to catch safety and hygiene issues before scripts run in production across managed devices.
The skill examines console-user detection logic and root-versus-user assumptions, which are common sources of unintended privilege escalation or broken behavior. It inspects prompt patterns that could expose sensitive input through logs, files, or process listings, and reviews how Jamf API tokens are handled in redacted examples. Shell robustness issues — including quoting mistakes, unsafe PATH assumptions, temp file handling, cleanup gaps, and rollback readiness — are also checked. For teams migrating workflows, it provides Kandji and Iru adaptation notes.
After review, the skill returns a verdict of ready, caution, or hold, accompanied by specific findings, safer replacement patterns, suggested test steps, and rollout notes for staged deployment planning. This structured output lets admins act on findings without interpreting raw analysis.
The skill operates on redacted or synthetic script examples only. It does not collect, validate, store, transmit, or request live passwords, tokens, recovery keys, or private tenant values. It is not a script executor and does not connect to any Jamf or Kandji tenant.