bjornmelin/rust-tauri-apps
skills/rust-tauri-apps/SKILL.md
Implicit Rust Tauri v2 skill. Use for Tauri apps, Rust commands, invoke contracts, app state, plugins, capabilities and permissions, secure IPC, filesystem and shell access, sidecars, updater, bundling, desktop and mobile distribution, and Rust frontend bridge design.
$ install --global
skillsauthnpx skillsauth add bjornmelin/dev-skills rust-tauri-appsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 9, 2026, 3:28 AM157.6s6 files scanned
SKILL.md
- name:
- rust-tauri-apps
- description:
- Implicit Rust Tauri v2 skill. Use for Tauri apps, Rust commands, invoke contracts, app state, plugins, capabilities and permissions, secure IPC, filesystem and shell access, sidecars, updater, bundling, desktop and mobile distribution, and Rust frontend bridge design.
- license:
- MIT
- category:
- rust
Rust Tauri Apps
Build Tauri v2 applications with small Rust command surfaces, secure capabilities, explicit IPC contracts, and maintainable distribution workflows.
Operating Model
- Inspect the Tauri version and generated structure first:
src-tauri,tauri.conf.json, capabilities, permissions, plugins, frontend invocation code, and CI/release scripts. - Treat every command as a public bridge contract. Validate input, return typed serializable results, and keep filesystem/shell/network capabilities narrow.
- Prefer app-owned Rust services behind commands. Do not put large domain logic directly in
#[tauri::command]functions. - Keep the capability model least-privilege by default. Avoid broad filesystem, shell, opener, and dialog permissions unless the user workflow truly needs them.
- Coordinate with the general
tauri-v2skill when available for framework-specific current docs; use this skill for Rust architecture, security, testing, and command design.
Reference Map
references/tauri-v2-rust-backend.mdfor command/state/plugin architecture and typed IPC.references/capabilities-security.mdfor permissions, filesystem/shell risk, secrets, updater, and secure defaults.references/distribution-mobile.mdfor bundling, updater, sidecars, signing, desktop/mobile packaging, and release checks.
Defaults
- Keep commands async only when they await I/O. Do CPU-heavy work off the main runtime.
- Use
serdeDTOs at the IPC boundary and convert to domain types inside services. - Use
tauri::Statefor shared app services with clear ownership; avoid global mutable statics. - Use plugin APIs instead of hand-rolled platform code when mature official plugins cover the use case.
- Keep frontend-originated paths, URLs, and shell arguments untrusted until validated.
Verification
Use repo-native checks first, then add Tauri-specific validation:
cargo fmt --all --check
cargo test --manifest-path src-tauri/Cargo.toml --all-targets
cargo clippy --manifest-path src-tauri/Cargo.toml --all-targets --all-features -- -D warnings
For command changes, add Rust tests around service behavior and frontend tests or contract fixtures for IPC shapes when the app already has a frontend test lane.
Related Skills
bjornmelin/kimi-ui-advisor
tools
VerifiedTrustedCommunity
Explicit-only Kimi Code CLI frontend/UI advisor for UI audits, redesigns, components, screenshots, before/after comparison, layout, styling, accessibility, responsive behavior, and visual polish. Use only when the user explicitly invokes `$kimi-ui-advisor` and wants Codex to ask Kimi for structured UI suggestions, then review, apply, and verify them in the repo.
2SKILL.mdUpdated May 28, 2026
bjornmelin/autoreview
development
VerifiedTrustedCommunity
Run a Codex-only structured code review closeout for local, branch, or commit diffs. Use when the user asks for autoreview, Codex review, structured closeout review, final review before commit/ship, or review after non-trivial code edits.
2SKILL.mdUpdated May 28, 2026
bjornmelin/firecrawl
tools
VerifiedTrustedCommunity
Use this skill for Firecrawl CLI web work: web search, URL scraping, site mapping, crawling, structured extraction, page interaction, monitoring changes, offline site download via x download, and parsing local documents such as PDF, DOCX, XLSX, HTML, DOC, ODT, or RTF. Trigger for requests to search the web, look up current info, fetch/read/scrape a URL, extract website data, crawl docs, click/fill/login/paginate a page, monitor page changes, save a site offline, or parse a document. Do not trigger for generic local file reads/edits, git/deploy/code tasks, or Firecrawl app integration work.
2SKILL.mdUpdated May 26, 2026
bjornmelin/sentry-triage-to-pr
tools
VerifiedTrustedCommunity
Triage unresolved Sentry issues into ranked groups, GitHub issue plans, branches, subspawn worktree assignments, PRs, and closeout loops using the sentry CLI, GitHub CLI, and local verification. Use when asked to prioritize Sentry backlogs, group production issues, create GitHub issues or PRs from Sentry evidence, or parallelize Sentry fixes.
2SKILL.mdUpdated May 14, 2026