tauri-capabilities_skill

This skill helps you configure Tauri capabilities for fine-grained security, enforcing per-window permissions and platform-specific controls.

12

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill dchuk/claude-code-tauri-skills --skill tauri-capabilities

  • SKILL.md9.2 KB

Overview

This skill guides you through configuring Tauri capabilities to enforce security and access control for windows and webviews. It explains capability file placement, structure, permission syntax, per-window boundaries, and platform-specific setups. The goal is to help you minimize frontend compromise impact and apply the principle of least privilege consistently.

How this skill works

The skill inspects and explains capability files placed in src-tauri/capabilities/ (JSON or TOML) and how they map permissions to window labels. It covers permission naming, platform targeting, remote URL rules, and how capabilities are enabled implicitly or explicitly via tauri.conf.json. It also shows per-window and wildcard patterns to create precise security boundaries.

When to use it

  • When you need to restrict frontend access to native APIs or plugins
  • When different windows require different permission sets (e.g., main vs preview)
  • When targeting multiple platforms with distinct capabilities
  • When allowing remote web content to call Tauri commands (use with caution)
  • During security reviews to enforce least-privilege across the app

Best practices

  • Apply the principle of least privilege: grant only required permissions per window
  • Create separate capability files for distinct windows and roles
  • Use descriptive, consistent identifiers and include short descriptions
  • Reference generated schemas for IDE autocompletion ($schema)
  • Audit and minimize remote URL access; prefer explicit host patterns
  • Test permission boundaries and verify window labels are exact and case-sensitive

Example use cases

  • Main application window with full feature set: filesystem, shell, clipboard-manager
  • Settings window with limited write/read file permissions and no shell access
  • Preview or viewer window with read-only filesystem access and core:event allowed
  • Mobile build that enables biometric and NFC only on iOS/Android using platform-specific capability files
  • Remote webview limited to a specific origin and allowed only HTTP plugin permissions

FAQ

Put JSON or TOML capability files in src-tauri/capabilities/. Files there are enabled by default unless you explicitly list capabilities in tauri.conf.json.

How do I restrict a permission to a single window?

Set the windows array to the window label (labels are defined in Rust). Use exact labels, patterns like dialog-* for groups, or "*" for all windows.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
tauri-capabilities skill by dchuk/claude-code-tauri-skills | VeilStrat