desktop-apps

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • DATA_EXFILTRATION (HIGH): The IPC handlers fs:read and fs:write in templates/electron-main.ts (lines 228-236) accept arbitrary file paths from the renderer process without any validation or sanitization. This allows a compromised renderer to bypass the sandbox and read or modify sensitive host files (e.g., SSH keys, credentials).
  • EXTERNAL_DOWNLOADS (HIGH): An automated scanner (URLite) identified a blacklisted URL in the main.rs file (Alert: URL:Blacklist|UR09BDF6D942948297-0200|urlb). This indicates the presence of references to known malicious infrastructure within the Tauri source component.
  • COMMAND_EXECUTION (MEDIUM): The electron-main.ts template exposes the autoUpdater.quitAndInstall() function to the renderer process via the update:install IPC channel. This allows an attacker who gains control of the renderer to force application updates, which could be leveraged if the update server is also compromised.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 05:51 PM