Full-stack-skills tauri-framework-security
Harden a Tauri v2 app with baseline security controls including CSP, HTTP headers, runtime authority, and capability matrices. Use when performing security audits, configuring CSP/headers per window, or building a minimum-privilege capability matrix for production.
install
source · Clone the upstream repo
git clone https://github.com/partme-ai/full-stack-skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/partme-ai/full-stack-skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/tauri-skills/tauri-framework-security" ~/.claude/skills/partme-ai-full-stack-skills-tauri-framework-security && rm -rf "$T"
manifest:
skills/tauri-skills/tauri-framework-security/SKILL.mdsource content
When to use this skill
ALWAYS use this skill when the user mentions:
- Tauri v2 security hardening or audit
- CSP, HTTP headers, or runtime authority configuration
- Building a capability matrix for minimum-privilege access
Trigger phrases include:
- "security hardening", "CSP", "security audit", "capability matrix", "runtime authority"
How to use this skill
- Build a capability matrix mapping each feature to minimum-required permissions:
Feature | Plugin | Permission | Scope Read user files | fs | fs:allow-read-text-file | $DOCUMENT/** Send API calls | http | http:default | https://api.example.com/** Notifications | notification | notification:allow-notify | (no scope) - Configure CSP in
:tauri.conf.json{ "app": { "security": { "csp": "default-src 'self'; connect-src 'self' https://api.example.com" } } } - Set HTTP headers for additional security:
{ "app": { "security": { "headers": { "X-Content-Type-Options": "nosniff" } } } } - Review runtime authority: Ensure each window only has the capabilities it needs
- Audit plugin permissions against actual usage -- remove any permissions not actively required
- Produce a release security checklist: CSP validated, headers set, capabilities minimized, no debug permissions in production
Outputs
- Capability matrix with minimal scope per feature
- CSP and HTTP headers configuration
- Release security audit checklist
References
- https://v2.tauri.app/security/
- https://v2.tauri.app/security/capabilities/
- https://v2.tauri.app/security/csp/
Keywords
tauri security, CSP, hardening, capability matrix, runtime authority, audit