tauri_skill

This skill helps you securely configure Tauri desktop apps by enforcing least privilege, strong IPC validation, CSP, and safe plugin usage.
  • Shell

25

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill martinholovsky/claude-skills-generator --skill tauri

  • SKILL.md17.2 KB

Overview

This skill packages practical guidance for building secure, high-performance Tauri desktop apps that combine a Rust backend with a web frontend. It focuses on minimizing attack surface through least-privilege capabilities, strict IPC validation, strong CSP, and secure updater patterns. Use it to design, test, and harden Tauri applications with production-ready defaults.

How this skill works

The skill inspects typical Tauri attack surfaces and provides concrete patterns: capability scoping, content security policies, validated IPC command implementations, origin checks, async performance patterns, and secure updater configuration. It includes example code for Rust commands, validation logic, capability JSON, CSP entries, and lifecycle management so you can apply and test secure defaults quickly.

When to use it

  • Starting a new Tauri project and choosing secure defaults
  • Hardening an existing Tauri app against IPC, filesystem, or updater risks
  • Designing scoped capability/permission models for desktop features
  • Implementing or reviewing secure auto-update and cryptographic signing
  • Writing tests to validate path access, origin checks, and input validation

Best practices

  • Grant minimal capabilities; scope filesystem and shell access to allowlists only
  • Validate and sanitize all IPC inputs using typed validators and canonicalize filesystem paths
  • Use a restrictive CSP and freeze prototypes to prevent prototype pollution and XSS escalation
  • Run async commands for I/O-heavy work and avoid blocking the main thread
  • Use origin verification for sensitive commands and check window URL origins at runtime
  • Protect updater endpoints with signed releases and verify public keys before install

Example use cases

  • Implement a read_file command that canonicalizes and enforces app-directory scope
  • Create capability profiles (default vs admin) to separate user permissions
  • Add CSP entries limiting connect-src to required APIs and blocking frames/objects
  • Design tests that assert path traversal is rejected and async commands return expected results
  • Configure the updater to check signed releases and perform silent downloads with explicit user consent

FAQ

Use Tauri 2.x and the latest Tauri CLI; match Rust >=1.77.2 and Node 20 LTS to incorporate recent CVE fixes.

How do I prevent path traversal in file access?

Validate input, join with your app directory, then canonicalize and ensure the result starts with your app directory path.

Is a frozen prototype important?

Yes. Freezing prototypes reduces prototype pollution attack vectors in webviews and should be enabled alongside a restrictive CSP.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
tauri skill by martinholovsky/claude-skills-generator | VeilStrat