tauri-devtools
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues or malicious patterns were identified in the skill content.
- [DATA_EXFILTRATION]: The skill enables streaming of application telemetry (logs, IPC data, and configuration) to
https://devtools.crabnebula.dev. This is the primary and documented purpose of the observability tool. The documentation explicitly warns against enabling this in release builds to prevent security exposure. - [EXTERNAL_DOWNLOADS]: References standard Tauri plugin crates (
tauri-plugin-devtoolsandtauri-plugin-devtools-app) which are standard dependencies in the Tauri development ecosystem. - [COMMAND_EXECUTION]: Provides instructions for using legitimate development commands such as
cargo addfor package management andadb forwardfor Android device debugging. - [PROMPT_INJECTION]: Indirect Prompt Injection Surface Analysis: (1) Ingestion points: Rust tracing events and IPC payloads (processed by the agent to assist the user); (2) Boundary markers: None; (3) Capability inventory: The skill is documentation-based and does not provide direct execution capabilities beyond guiding the user; (4) Sanitization: None documented. The risk is assessed as low given the developer-focused context.
Audit Metadata