electron-ipc-security-audit

Solid

Analyze Electron IPC implementations for security vulnerabilities including contextIsolation, nodeIntegration, preload scripts, and channel validation

AI & Automation 1,160 stars 71 forks Updated today MIT

Quality Score: 96/100

- Stars (weight 20%): 100
- Recency (weight 20%): 100
- Frontmatter (weight 20%): 70
- Documentation (weight 15%): 100
- Issue Health (weight 10%): 50
- License (weight 10%): 100
- Description (weight 5%): 100

Skill Content

# electron-ipc-security-audit

Analyze Electron IPC implementations for security vulnerabilities. This skill performs comprehensive security audits of inter-process communication patterns, checking for contextIsolation issues, nodeIntegration risks, preload script security, and IPC channel validation.

## Capabilities

- Audit IPC channel implementations for security vulnerabilities
- Check contextIsolation and nodeIntegration configuration
- Analyze preload scripts for unsafe patterns
- Validate IPC message handling and sanitization
- Detect prototype pollution risks
- Check for remote code execution vulnerabilities
- Review Content Security Policy headers
- Identify exposed APIs through contextBridge

## Input Schema

```json
{
  "type": "object",
  "properties": {
    "projectPath": {
      "type": "string",
      "description": "Path to the Electron project root"
    },
    "auditScope": {
      "type": "array",
      "items": {
        "enum": ["ipc-channels", "preload-scripts", "main-process", "renderer-security", "csp", "all"]
      },
      "default": ["all"]
    },
    "severity": {
      "enum": ["all", "critical", "high", "medium"],
      "default": "all",
      "description": "Minimum severity level to report"
    },
    "includeRecommendations": {
      "type": "boolean",
      "default": true
    }
  },
  "required": ["projectPath"]
}
```

## Output Schema

```json
{
  "type": "object",
  "properties": {
    "success": { "type": "boolean" },
    "summary": { ...
```

Details

- Author: a5c-ai
- Repository: a5c-ai/babysitter
- Created: 4 months ago
- Last Updated: today
- Language: JavaScript
- License: MIT

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Listed

electron-security

Security audit for Electron desktop applications including context isolation, nodeIntegration, sandbox config, preload scripts, IPC (ipcMain/ipcRenderer/contextBridge), webview tag risks, deep link handling, auto-updater security, and Electron CVE awareness. Use this skill whenever the user mentions Electron, electron-builder, contextBridge, nodeIntegration, preload.js, BrowserWindow webPreferences, ipcMain, ipcRenderer, electron-updater, or asks "audit my Electron app", "Electron security", "is my preload safe". Trigger when the codebase contains `electron` in package.json or `electron.js`/`main.ts` referenced as entry.

1 Updated 1 week ago
hlsitechio
AI & Automation Solid

electron-main-preload-generator

Generate secure main process and preload script boilerplate with proper context isolation, IPC patterns, and security best practices for Electron applications

1,160 Updated today
a5c-ai
AI & Automation Listed

security-audit

Audit code and dependencies for security vulnerabilities. Use when reviewing PRs, checking dependencies, preparing for deployment, or when user mentions security, vulnerabilities, or audit.

0 Updated today
israel7852
Data & Documents Listed

electron-ipc-bridge

Production IPC engineering for the Electron main/renderer boundary. Invoke when adding, modifying, or reviewing any IPC channel, preload contract, or cross-process data flow. Holds the security and reliability standards of a Claude Code-class desktop engineering team.

1 Updated 2 months ago
euroconic
AI & Automation Listed

security-check

Vulnerability assessment by a senior application security engineer for a skill, agent, or plugin (Claude Code or Codex marketplace item) before installation. Domain expertise — prompt injection, credential exfiltration, supply-chain compromise, hook abuse, indirection attacks, encoded payloads, social engineering in technical artifacts, tool-model bypass. Deep content review across SKILL.md/agent.md body + ALL dependencies (scripts/, references/, assets/, bundled plugin files). Threat detection by expert reasoning, not regex. Returns structured verdict (GREEN/YELLOW/RED) with cited evidence (file + excerpt + concern). Invoked by the security-auditor agent in parallel per selected item. Use before installing ANY third-party skill, agent, or plugin.

0 Updated 4 days ago
ievo-ai