Nextjs To Tauri

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent migration guide for packaging a Next.js app as a Tauri desktop app, with expected build, updater, CI, and preference-storage guidance.

Before installing, confirm you want an agent to make desktop-packaging changes in your app repository. Pay special attention to the auto-update signing key: keep the private key out of git, store it only as a GitHub secret, and rotate it if exposed. If language persistence matters for your users or organization, adjust the template so the detected system language is applied only after explicit user choice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 88% confidence
Finding: The hook automatically reads the system locale and persists it to localStorage on first run without any explicit user consent. Locale can reveal regional or linguistic preference information, and silently storing/applying it may violate privacy expectations or organizational consent requirements, especially in desktop apps where users may assume more local-state persistence.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal