This frontend scaffolding skill is not malicious, but it ships several powerful or privacy-sensitive defaults that users should review before generated projects are used beyond local experimentation.
Install only if you are comfortable reviewing and editing generated templates. Before using generated projects, remove or gate Tauri shell support unless needed, make auto-update opt-in with signed HTTPS update channels, bind dev servers to localhost unless LAN testing is intentional, avoid storing bearer tokens in localStorage, and disable remote log submission unless you add clear consent, redaction, and an approved endpoint.