From safe-uninstall
This skill should be used when the user asks to "remove program", "uninstall app", "delete daemon", "clean up process", "safe uninstall", "find resource hog", "what is this process", "remove bloatware", "kill daemon", "remove LaunchDaemon", "remove security program", "Activity Monitor finding", "high memory process", or wants to safely identify and remove macOS programs and daemons. Also triggers when the user mentions high memory/CPU usage by unknown processes, Activity Monitor concerns, unwanted LaunchDaemons/Agents, or Korean banking security programs (TouchEn, AhnLab, Veraport, INISAFE, CrossEX). Use this skill even when the user simply provides a process name and wants it gone, or describes a process consuming excessive resources they want to investigate.
Slash command: `/safe-uninstall:safe-uninstall`
Safely identify, investigate, and remove macOS programs through a structured workflow: target identification, comprehensive investigation, removal approach selection, risk-assessed execution, and verification.
This skill delegates execution of irreversible operations (file deletion, service
removal) to Prosoche (/attend). The epistemic-protocols plugin must be
installed for safe execution gating.
Target Identification → Investigation → Report → Approach Selection → /attend Execution → Verification
Support two entry points depending on user context.
When the user reports high resource usage, unknown processes, or Activity Monitor concerns, start with a resource scan to identify the target:
```bash
ps aux -m | head -20   # top processes by memory (BSD ps on macOS has no --sort option)
ps aux -r | head -20   # top processes by CPU
codesign -dv --verbose=2 <binary_path> 2>&1   # vendor identity
```
When the user names a specific process or program, confirm the target and derive
search patterns (see references/investigation-paths.md for pattern derivation).
Delegate investigation to a subagent for efficient parallel execution.
Derive multiple search patterns from the target: binary path components, process name, vendor name, product name. Use case-insensitive grep across ALL locations.
Every investigation must cover all of these (no shortcuts):
| Category | Command Pattern |
|---|---|
| Running processes | `ps aux \| grep -i -E "<patterns>"` |
| LaunchDaemons | `ls /Library/LaunchDaemons/ \| grep -i -E "<patterns>"` |
| LaunchAgents (system) | `ls /Library/LaunchAgents/ \| grep -i -E "<patterns>"` |
| LaunchAgents (user) | `ls ~/Library/LaunchAgents/ \| grep -i -E "<patterns>"` |
| Application Support | `ls "/Library/Application Support/" \| grep -i -E "<patterns>"` |
| Applications | `ls /Applications/ \| grep -i -E "<patterns>"` |
| Kernel Extensions | `ls /Library/Extensions/ \| grep -i -E "<patterns>"` |
| System Extensions | `ls /Library/SystemExtensions/ \| grep -i -E "<patterns>"` |
| Privileged Helpers | `ls /Library/PrivilegedHelperTools/ \| grep -i -E "<patterns>"` |
| Browser Plugins | `ls "/Library/Internet Plug-Ins/" \| grep -i -E "<patterns>"` |
| Login Items | `osascript -e 'tell application "System Events" to get the name of every login item'` |
| Package Receipts | `pkgutil --pkgs \| grep -i -E "<patterns>"` |
| Uninstaller search | `find /Applications -iname "*uninstall*" \| grep -i -E "<patterns>"` |
For each LaunchDaemon/Agent plist found, read it to extract KeepAlive, RunAtLoad, and Program properties — these determine the removal strategy.
Also check for companion frameworks in sibling Application Support directories
(see references/investigation-paths.md for known companion patterns).
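
The plist-reading step above, as an added example that is not part of the skill's own files: it uses Python's standard `plistlib` to read each matching plist in the three launchd directories from the table and report KeepAlive, RunAtLoad and the program path, with KeepAlive jobs listed first. The function name `scan_launchd` and the row keys are assumptions, and patterns are treated as Python regular expressions rather than `grep -E` syntax.

```python
import plistlib
import re
from pathlib import Path
from xml.parsers.expat import ExpatError

# The three launchd locations from the investigation table.
LAUNCHD_DIRS = ["/Library/LaunchDaemons", "/Library/LaunchAgents",
                "~/Library/LaunchAgents"]

def scan_launchd(patterns, dirs=LAUNCHD_DIRS):
    """Return one report row per plist whose file name, Label or program
    path matches any pattern (case-insensitive, like grep -i -E)."""
    rx = re.compile("|".join(patterns), re.IGNORECASE)
    rows = []
    for d in dirs:
        for path in sorted(Path(d).expanduser().glob("*.plist")):
            try:
                with path.open("rb") as fh:   # XML and binary plists both load
                    job = plistlib.load(fh)
                if not isinstance(job, dict):
                    raise ValueError("plist root is not a dictionary")
            except (OSError, ValueError, ExpatError):
                # Unreadable or malformed: still report it if the name matches.
                if rx.search(path.name):
                    rows.append({"plist": str(path), "error": True})
                continue
            args = job.get("ProgramArguments") or [""]
            program = str(job.get("Program") or args[0])
            haystack = " ".join([path.name, str(job.get("Label", "")), program])
            if not rx.search(haystack):
                continue
            keep = job.get("KeepAlive", False)
            rows.append({
                "plist": str(path),
                "label": job.get("Label"),
                "program": program,
                "run_at_load": bool(job.get("RunAtLoad", False)),
                # KeepAlive is either a bool or a dict of conditions; a
                # non-empty dict means launchd may restart the job.
                "keep_alive": keep is True or (isinstance(keep, dict) and bool(keep)),
            })
    # KeepAlive jobs first: they must be unloaded before the process is killed.
    rows.sort(key=lambda r: not r.get("keep_alive", False))
    return rows
```
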
Present findings as a structured report so the user can make an informed decision.
Template:
## [Program Name] — Investigation Report
**Running Processes:**
| PID | User | %MEM | %CPU | Binary Path |
|-----|------|------|------|-------------|
**LaunchDaemons/Agents (KeepAlive services respawn after kill):**
| plist Path | KeepAlive | RunAtLoad |
|------------|-----------|-----------|
**Installed Files:**
| Category | Path | Notes |
|----------|------|-------|
**Uninstaller:** [path or "Not found"]
**Package Receipts:** [list or "None"]
**Companion Frameworks:** [list or "None"]
Present options based on findings:
Invoke /attend with the removal task list. Prosoche will classify each task
for risk and gate irreversible operations through user judgment.
Typical task ordering (KeepAlive-aware):
1. launchctl bootout/unload for KeepAlive plist (before kill)
2. open /path/to/Uninstaller.app (if selected)
3. kill <PID>
4. launchctl remove <label>
5. sudo rm -rf for remaining directories
6. sudo rm symlinks and plugin bundles
7. sudo pkgutil --forget <id>

Non-interactive terminal sessions cannot accept sudo passwords. When sudo operations fail:

- ! prefix for Claude Code prompt

Run a comprehensive post-removal check against all previously identified items:

```bash
ps aux | grep -i -E "<patterns>" | grep -v grep
launchctl list 2>/dev/null | grep -i -E "<patterns>"
pkgutil --pkgs | grep -i -E "<patterns>"
```

Present final status:
## Removal Verification
| Item | Status |
|------|--------|
| [item description] | [Removed] / [Remaining] |
**Result:** [N] items removed, [M] remaining
- mdfind -name "<name>") to find installed-but-inactive programs
- ls -la and include in cleanup

npx claudepluginhub jongwony/cc-plugin --plugin safe-uninstall