When to use this skill
ALWAYS use this skill when the user mentions:
- Writing or auditing plugin permissions
- Generating capability templates or permissions schemas
- Cross-platform permission differences
Trigger phrases include:
- "plugin permissions", "capability template", "permissions schema", "capabilities json"
How to use this skill
- Map features to plugin permissions:
Feature: "Read user files" Plugin: fs Permission: fs:allow-read-text-file Scope: { "path": "$DOCUMENT/**" } - Generate capabilities/default.json with minimal scope:
{ "identifier": "default", "description": "Main app capabilities", "windows": ["main"], "permissions": [ "fs:allow-read-text-file", "dialog:allow-open", { "identifier": "http:default", "allow": [{ "url": "https://api.example.com/**" }] } ] } - Separate plugin-defined permissions (what a plugin exposes) from app-enabled capabilities (what your app allows)
- Handle platform differences: Some permissions behave differently on Windows vs macOS (e.g., shell execution, file paths)
- Audit permissions by reviewing each capability entry against the minimum required for each feature
- Run
cargo tauri buildto validate that all required permissions are declared
Outputs
- Feature-to-permission mapping table
- Minimal capabilities/default.json file
- Cross-platform permission audit checklist
References
- https://v2.tauri.app/learn/using-plugin-permissions/
- https://v2.tauri.app/learn/security/writing-plugin-permissions/
Keywords
tauri permissions, plugin permissions, capabilities, scope, capability template