tauri-security
When to use this skill
ALWAYS use this skill when the user mentions:
- Capability or scope design for Tauri v2
- Building or editing capabilities/default.json
- ACL-based permission control or audit
Trigger phrases include:
- "capabilities", "scope", "ACL", "permissions", "capabilities json", "minimum privilege"
How to use this skill
- Create capabilities/default.json in
src-tauri/capabilities/:{ "identifier": "default", "description": "Main window capabilities", "windows": ["main"], "permissions": [ "core:default", "dialog:allow-open", { "identifier": "fs:allow-read-text-file", "allow": [{ "path": "$APPDATA/**" }] }, { "identifier": "http:default", "allow": [{ "url": "https://api.example.com/**" }] } ] } - Map features to capabilities: Each feature should use the minimum permissions required
- Define scoped access to restrict file paths, URLs, and other resources:
{ "identifier": "fs:allow-write-text-file", "allow": [{ "path": "$APPDATA/config/**" }] } - Assign capabilities per window -- different windows can have different permission sets
- Audit permissions before release: remove any unused permissions, verify scope restrictions
- Validate at runtime by testing that restricted operations correctly fail outside their scope
Outputs
- capabilities/default.json with minimal permissions
- Feature-to-capability mapping
- Scoped access rules for files, URLs, and plugins
- Permission audit checklist
References
Keywords
tauri security, capabilities, scope, ACL, permissions, minimum privilege
More from partme-ai/full-stack-skills
vite
Guidance for Vite using the official Guide, Config Reference, and Plugins pages. Use when the user needs Vite setup, configuration, or plugin selection details.
68element-plus-vue3
Provides comprehensive guidance for Element Plus Vue 3 component library including installation, components, themes, internationalization, and API reference. Use when the user asks about Element Plus for Vue 3, needs to build Vue 3 applications with Element Plus, or customize component styles.
64vue3
Guidance for Vue 3 using the official guide and API reference. Use when the user needs Vue 3 concepts, patterns, or API details to build components, apps, and tooling.
54electron
Build cross-platform desktop applications with Electron, covering main/renderer process architecture, IPC communication, BrowserWindow management, menus, tray icons, packaging, and security best practices. Use when the user asks about Electron, needs to create desktop applications, implement Electron features, or build cross-platform desktop apps.
52uniapp-project
Provides per-component and per-API examples with cross-platform compatibility details for uni-app, covering built-in components, uni-ui components, and APIs (network, storage, device, UI, navigation, media). Use when the user needs official uni-app components or APIs, wants per-component examples with doc links, or needs platform compatibility checks.
40ascii-cli-logo-banner
Entry point for ASCII CLI banners that routes to the Python built-in font skill or figlet.js/FIGfont skill. Use when the user wants a startup banner, ASCII logo, terminal welcome screen, or CLI branding for a service.
38