For anyone who's ever wondered "is my Mac configured well?" but doesn't want to wade through System Settings panels one by one.
Double-click to run — no Terminal needed.
Installs Homebrew too if it's not already there.
Homebrew is the easiest way. Or build from source.
brew install gfreedman/macaudit/macaudit
FileVault, Gatekeeper, SIP, Homebrew, login items, the works. 70 checks, narrated results, health score out of 100.
macaudit
Shows what it found, why it matters, and what it would do. Then waits. Skip is the default.
macaudit --fix
git clone https://github.com/gfreedman/mac_audit
cd mac_audit && bash install.sh
Requires Python 3.10+ and pipx or pip.
Download, double-click, done. Installs Homebrew too if needed.
Download .command file
Requires macOS 13 Ventura or later · Intel and Apple Silicon · No Homebrew? Run /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" first.
brew uninstall macaudit
brew untap gfreedman/macaudit
The untap line is optional — removes the tap entirely.
rm -rf ~/.config/macaudit
Clears first-run flag, scan history, and MDM notice. Does not affect system settings changed via --fix.
Run it and you get a narrated audit of your Mac's security and system hygiene. Color-coded results stream in, and at the end you get a health score and a list of what to fix. Nothing changes on your Mac until you say so.
Nothing on your Mac changes until you run macaudit --fix.
| Command | What it does |
|---|---|
| `macaudit` | Full scan |
| `macaudit -y` | Full scan, no start prompt |
| `macaudit --issues-only` | Show only warnings and criticals |
| `macaudit --explain` | Extra context per finding |
| `macaudit --only security` | Scan one category |
| `macaudit --only security,disk` | Scan multiple categories |
| `macaudit --skip dev_env` | Skip a category |
| `macaudit --fix` | Step through fixable issues after the scan |
| `macaudit --fix --auto` | Apply safe fixes without prompting each time |
| `macaudit --quiet` | Print only the score |
| `macaudit --json` | Output as JSON for scripts |
| `macaudit --check-shell-secrets` | Scan shell configs for hardcoded credentials |
Categories: system, security, privacy, homebrew, disk, hardware, memory, network, dev_env, apps
Too many "system optimizer" tools assume they know better than you and start flipping switches. Mac Audit does the opposite: for each issue, it shows what it found, why it matters, and exactly what the fix would do — then waits. The safe default is always Skip.
Irreversible fixes are always labelled. Every command is shown before it runs.
70 checks across 10 categories. Every finding is explained — not just flagged — so you understand what it means before deciding what to do about it.
Add --check-shell-secrets to scan shell configs for hardcoded API keys. Opt-in because it reads private files.
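A sketch of the kind of check a shell-config secret scan involves, as an added example rather than macaudit's own code. The name patterns, minimum length and sample file contents are assumptions constructed for illustration; the rules macaudit actually applies are not stated on this page.

```python
import re

# Heuristic name and assignment patterns (assumptions made for this example).
SECRET_NAME = re.compile(r"(?i)(api[_-]?key|secret|token|passw(or)?d|credential)")
ASSIGNMENT = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)=(.*)$")


def literal_value(raw):
    """Return the literal being assigned, or None if it is not a hardcoded value."""
    raw = raw.strip()
    quote = raw[:1] if raw[:1] in ("'", '"') else ""
    if quote:
        end = raw.find(quote, 1)
        body = raw[1:end] if end > 0 else raw[1:]
    else:
        body = (raw.split() or [""])[0]  # unquoted: first word only
    # Outside single quotes, $VAR, $(cmd) and `cmd` fetch the value at runtime.
    if quote != "'" and ("$" in body or "`" in body):
        return None
    if body[:1] in ("/", "~"):
        return None  # a file path, not the credential itself
    return body


def find_hardcoded_secrets(text, min_len=8):
    """Return (line_number, variable_name) for each suspicious literal assignment."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = ASSIGNMENT.match(line)  # commented-out lines never match
        if not match or not SECRET_NAME.search(match.group(1)):
            continue
        value = literal_value(match.group(2))
        if value is not None and len(value) >= min_len:
            hits.append((number, match.group(1)))  # report the name, never the value
    return hits

# Constructed sample of a ~/.zshrc; none of these values are real credentials.
SAMPLE_ZSHRC = """\
export PATH="$HOME/bin:$PATH"
export EXAMPLE_API_KEY="sk-constructed-0123456789abcdef"
export GITHUB_TOKEN="$(security find-generic-password -s gh -w)"
# export OLD_SECRET=abcdefgh12345678
DB_PASSWORD='constructed-passphrase'
export TOKEN_FILE=~/.config/example/token
"""

if __name__ == "__main__":
    for number, name in find_hardcoded_secrets(SAMPLE_ZSHRC):
        print(f"line {number}: {name} is assigned a literal value")
```

Only the two literal assignments are reported; the Keychain lookup, the commented-out line and the path to a token file are not.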
Starts at 100. Points deducted per finding. Critical issues are called out by name in the verdict.
| Finding | Points off |
|---|---|
| Critical issue | 10 |
| Critical in security, privacy, or system | 15 |
| Warning | 3 |
| Warning in security, privacy, or system | 4 |
| Info, pass, or skip | 0 |
A non-creepy, open-source system audit that respects the principle of least surprise. The terminal UI is themed for both dark and light mode with proper alignment — someone actually cared about the details.