ReddRadar
Agent skill
tauri-framework-security
Harden a Tauri v2 app with baseline security controls including CSP, HTTP headers, runtime authority, and capability matrices. Use when performing security audits, configuring CSP/headers per window, or building a minimum-privilege capability matrix for production.
Install this agent skill to your Project
npx add-skill https://github.com/partme-ai/full-stack-skills/tree/main/skills/tauri-skills/tauri-framework-security
SKILL.md
When to use this skill
ALWAYS use this skill when the user mentions:
- Tauri v2 security hardening or audit
- CSP, HTTP headers, or runtime authority configuration
- Building a capability matrix for minimum-privilege access
Trigger phrases include:
- "security hardening", "CSP", "security audit", "capability matrix", "runtime authority"
How to use this skill
- Build a capability matrix mapping each feature to minimum-required permissions:
Feature | Plugin | Permission | Scope Read user files | fs | fs:allow-read-text-file | $DOCUMENT/** Send API calls | http | http:default | https://api.example.com/** Notifications | notification | notification:allow-notify | (no scope) - Configure CSP in
tauri.conf.json:json{ "app": { "security": { "csp": "default-src 'self'; connect-src 'self' https://api.example.com" } } } - Set HTTP headers for additional security:
json
{ "app": { "security": { "headers": { "X-Content-Type-Options": "nosniff" } } } } - Review runtime authority: Ensure each window only has the capabilities it needs
- Audit plugin permissions against actual usage -- remove any permissions not actively required
- Produce a release security checklist: CSP validated, headers set, capabilities minimized, no debug permissions in production
Outputs
- Capability matrix with minimal scope per feature
- CSP and HTTP headers configuration
- Release security audit checklist
References
- https://v2.tauri.app/security/
- https://v2.tauri.app/security/capabilities/
- https://v2.tauri.app/security/csp/
Keywords
tauri security, CSP, hardening, capability matrix, runtime authority, audit
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
partme-ai/full-stack-skills
ocrmypdf-batch
OCRmyPDF batch processing skill — process multiple PDFs, Docker automation, shell scripting, and CI/CD integration. Use when the user needs to OCR many PDFs, set up automated OCR pipelines, or integrate OCR into workflows.
partme-ai/full-stack-skills
ocrmypdf-optimize
OCRmyPDF optimization skill — compress PDFs, configure PDF/A output, JBIG2 encoding, and lossless optimization. Use when the user needs to reduce PDF file size, create archival PDF/A files, or optimize OCR output.
partme-ai/full-stack-skills
ocrmypdf-image
OCRmyPDF image processing skill — deskew, rotate, clean, despeckle, remove border from scanned documents. Use when the user needs to improve scanned PDF quality, fix skewed pages, remove noise, or clean up scanned documents before OCR.
partme-ai/full-stack-skills
ocrmypdf-api
OCRmyPDF Python API and plugin skill — use OCRmyPDF programmatically from Python, integrate with applications, and extend with plugins (EasyOCR, PaddleOCR, AppleOCR). Use when the user needs to call OCRmyPDF from Python code, build OCR pipelines, or use alternative OCR engines.
partme-ai/full-stack-skills
ocrmypdf
OCRmyPDF core skill — add searchable OCR text layer to scanned PDFs, convert images to searchable PDFs, support 100+ languages via Tesseract. Use when the user needs to OCR a PDF, make a scanned PDF searchable, or extract text from scanned documents.
partme-ai/full-stack-skills
svelte
Guides Svelte and SvelteKit development including reactive components, stores, transitions, lifecycle hooks, SSR, file-based routing, and deployment. Use when the user needs to build Svelte components, create SvelteKit applications, implement reactivity patterns, or configure Svelte with Vite.
Didn't find tool you were looking for?