Close Open Privacy Scan
App Privacy Score
Low risk · 61 finding(s)
Dependency score: 72 (Medium risk)
bar_chart Score Breakdown
list Scan Summary
swap_horiz External domains
100.82.5.118169.254.169.254agentskills.ioai-gateway.vercel.shai-sdk.devai.google.devaihubmix.comaiplatform.googleapis.comaistudio.google.comapexsurveys.oracle.comapi.aiapi.aihubmix.comapi.anthropic.comapi.asksage.aiapi.cerebras.aiapi.cline.botapi.deepseek.comapi.dify.aiapi.exa.aiapi.fireworks.aiapi.getdial.aiapi.github.comapi.groq.comapi.hicap.aiapi.inference.wandb.aiapi.kilo.aiapi.minimax.ioapi.mistral.aiapi.moonshot.aiapi.novu.coapi.openai.comapi.sambanova.aiapi.studio.nebius.aiapi.telegram.orgapi.together.aiapi.together.xyzapi.v0.devapi.workos.comapi.x.aiapi.xiaomimimo.comapi.z.aiapp.baseten.coapp.cline.botapp.example.botapp.posthog.comapp.requestly.ioark.cn-beijing.volces.comauth.openai.comauth.tokenfactory.nebius.comautopush-generativelanguage.sandbox.googleapis.comavatars.githubusercontent.combailian.console.aliyun.combase-ui.combedrock-agent-runtime.us-west-2.amazonaws.combedrock-mantle.us-east-1.api.awsbedrock-runtime.us-east-1.amazonaws.combitcoin.orgchatgpt.comclaude.aicline.botcline.github.iocloud.cerebras.aicloud.google.comcloud.langfuse.comcloud.tencent.comcode-internal.aiservice.us-chicago-1.oci.oraclecloud.comcode.aiservice.us-chicago-1.oci.oraclecloud.comcommunity.cline.botconfluence.oraclecorp.comconsole.aihubmix.comconsole.anthropic.comconsole.firebase.google.comconsole.groq.comconsole.mistral.aiconsole.volcengine.comcontent-firebaseappcheck.googleapis.comcore-api.staging.int.cline.botcursor.comcustomersurveys.oracle.comdashboard.hicap.aidashscope.aliyuncs.comdata.cline.botdevelopers.openai.comdiscord.comdiscord.ggdocs.anthropic.comdocs.cline.botdocs.cloud.google.comdocs.expo.devdocs.litellm.aidocs.sambanova.aidummy.comejiidnob33g9ap1r.public.blob.vercel-storage.comexample.ngrok-free.appfcmregistrations.googleapis.comfirebase.google.comfirebaseinstallations.googleapis.comfirebaselogging.googleapis.comfirebaseremoteconfig.googleapis.comfireworks.aifonts.googleapis.comgemini-api-demos.uc.r.appspot.comgenerativelanguage.googleapis.comgithub.comgoo.glgoogle.aip.devhelp.openai.comhelp.sap.comheroui-assets.nyc3.cdn.digitaloceanspaces.comheroui.comhuggingface.coidcs-9dc693e80d9b469480d7afe00e743931.identity.oraclecloud.comimg.heroui.chatinfer-modelarts.cn-southwest-2.myhuaweicloud.cominference-api.nousresearch.cominference.baseten.coinference.poolside.aiinvalid-url-to-show-fallback.comjs-na2.hs-scripts.comjson-schema.orglmstudio.ailogin-ext.identity.oraclecloud.commanagement.azure.commarketplace.visualstudio.commetadata.google.internalmodel-api.baseten.comodelcontextprotocol.iomodels.devnews.google.comnpm.imoauth2.googleapis.comontheline.trincoll.eduopen.bigmodel.cnopenrouter.aiplatform.claude.complatform.moonshot.aiplatform.moonshot.cnplatform.openai.compokeapi.coposthog.compptr.devpurl.oclc.orgpurl.orgraw.githubusercontent.comreact.devreactjs.orgregistry.npmjs.orgrouter.huggingface.corouter.requesty.aischemas.microsoft.comschemas.openxmlformats.orgschemas.zwobble.orgscira.aisecuretoken.google.comsentry.ioskills.shstaging-app.cline.botstorage.googleapis.comstuk.github.iosupport.huaweicloud.comswapi.py4e.comt3.chattailwindcss.comtokenhub.tencentmaas.comus.i.posthog.comus.posthog.comv0.appvercel.comvia.placeholder.comwandb.aiwww.allrecipes.comwww.anthropic.comwww.apple.comwww.baseten.cowww.deepseek.comwww.foodnetwork.comwww.google.comwww.googleapis.comwww.gstatic.comwww.linkedin.comwww.minimax.iowww.reddit.comwww.w3.orgx.aix.comz.ai
</> First-Party Code
first-party (rust): apps/examples/desktop-app/src-tauri
rust first-partyexpand_more 4 low-confidence finding(s)
let explicit = std::env::var("CLINE_CODE_SIDECAR_BIN")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(value) = std::env::var("CLINE_MCP_SETTINGS_PATH") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let home = std::env::var("HOME").map_err(|_| "HOME is not set".to_string())?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(&settings_path, body)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
</> Dependencies
rfd
rust dependencyexpand_more 9 low-confidence finding(s)
let target_os = std::env::var("CARGO_CFG_TARGET_OS").expect("target OS not detected");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let gtk = std::env::var_os("CARGO_FEATURE_GTK3").is_some();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let xdg = std::env::var_os("CARGO_FEATURE_XDG_PORTAL").is_some();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let tokio = std::env::var_os("CARGO_FEATURE_TOKIO").is_some();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let async_std = std::env::var_os("CARGO_FEATURE_ASYNC_STD").is_some();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::error!("UserAler result send error: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("UserAler error: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let res = std::fs::read(path);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let res = std::fs::write(path, bytes);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
serde
rust dependencyexpand_more 4 low-confidence finding(s)
let out_dir = PathBuf::from(env::var_os("OUT_DIR").unwrap());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let patch_version = env::var("CARGO_PKG_VERSION_PATCH").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(out_dir.join("private.rs"), module).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let rustc = env::var_os("RUSTC")?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
serde_json
rust dependencyexpand_more 2 low-confidence finding(s)
let target_arch = env::var_os("CARGO_CFG_TARGET_ARCH").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let target_pointer_width = env::var_os("CARGO_CFG_TARGET_POINTER_WIDTH").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tauri
rust dependencyexpand_more 42 low-confidence finding(s)
std::env::var(format!("CARGO_FEATURE_{}", AsShoutySnakeCase(feature)))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let target_os = std::env::var("CARGO_CFG_TARGET_OS").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let out_dir = PathBuf::from(env::var("OUT_DIR").unwrap());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(
checked_features_out_path,
CHECKED_FEATURES.get().unwrap().lock().unwrap().join(","),
)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let target_env = std::env::var("CARGO_CFG_TARGET_ENV");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let is_tauri_workspace = std::env::var("__TAURI_WORKSPACE__").is_ok_and(|v| v == "true");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::env::var(var).unwrap_or_else(|_| {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(kotlin_out_dir) = std::env::var("WRY_ANDROID_KOTLIN_FILES_OUT_DIR") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let content = fs::read_to_string(file.path())
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Some(project_dir) = env::var_os("TAURI_ANDROID_PROJECT_PATH").map(PathBuf::from) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let package_unescaped = env::var("TAURI_ANDROID_PACKAGE_UNESCAPED")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(
project_dir.join("app").join("proguard-tauri.pro"),
tauri_proguard,
)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
PathBuf::from(std::env::var_os("CARGO_MANIFEST_DIR").unwrap()).join("mobile/android");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
PathBuf::from(std::env::var_os("CARGO_MANIFEST_DIR").unwrap()).join("mobile/ios-api");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return std::fs::read(asset_path).ok().map(|bytes| {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::error!("failed to exit: {}", e);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("restart triggered on the main thread");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("restart triggered from a separate thread");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("failed to request exit: {e}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let bytes = std::fs::read(path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::debug!("Unknown CspHash variant encountered: {:?}", _csp_hash);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Asset `{path}` not found; fallback to {path}.html");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Asset `{path}` not found; fallback to {path}/index.html",);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Asset `{path}` not found; fallback to index.html");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("{error}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("failed to get file name from URI: {e}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("failed to restart app: {e}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("failed to restart app: {e}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("asset protocol path \"{}\" is not valid: {}", path, e);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("asset protocol not configured to allow the path: {}", path);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let mut file = match File::open(path.clone()) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::error!("Failed to open Android external storage file '{}': {}. This may be due to missing storage permissions.", path, e);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("File does not exist at path: {}", path);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Missing OS permission to access path \"{}\": {}", path, e);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("adding dev server root certificate");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"the dev root-certificate-path option was provided, but you must enable one of the following Tauri features in Cargo.toml: native-tls, native-tls-vendored, rustls-tls"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"loading HTTPS URL; you might need to provide a certificate via the `dev --root-certificate-path` option. You must enable one of the following Tauri features in Cargo.toml: native-tls, native-tls-vendored, rustls-tls"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("{error_message}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!("failed to resolve data directory");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!(
"data_directory `{}` is not a safe path, ignoring config. Validation error was: {_err}",
data_directory.display()
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!(
"data_directory `{}` is not a relative path, ignoring config.",
data_directory.display()
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!(
"__TAURI_INVOKE_KEY__ expected {expected} but received {}",
request.invoke_key
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
Skipped dependencies
Production
- @cline/shared prod — dist-only: no readable source
- @cline/llms prod — dist-only: no readable source
- @cline/agents prod — dist-only: no readable source
- @cline/core prod — dist-only: no readable source
- @types/uuid prod — no javascript source
- @chat-adapter/discord prod — dist-only: no readable source
- @chat-adapter/gchat prod — dist-only: no readable source
- @chat-adapter/slack prod — dist-only: no readable source
- @chat-adapter/linear prod — dist-only: no readable source
- @chat-adapter/telegram prod — dist-only: no readable source
- @chat-adapter/whatsapp prod — dist-only: no readable source
- @cline/cline-hub prod — registry 404
- @clack/prompts prod — dist-only: no readable source
- @fontsource/azeret-mono prod — no javascript source
- @radix-ui/react-slider prod — dist-only: no readable source
- @radix-ui/react-slot prod — dist-only: no readable source
- @radix-ui/react-switch prod — dist-only: no readable source
- @radix-ui/react-tooltip prod — dist-only: no readable source
- class-variance-authority prod — dist-only: no readable source
- framer-motion prod — dist-only: no readable source
- fuse.js prod — dist-only: no readable source
- magic-string prod — dist-only: no readable source
- mermaid prod — dist-only: no readable source
- react-textarea-autosize prod — dist-only: no readable source
- react-virtuoso prod — dist-only: no readable source
- @fontsource-variable/schibsted-grotesk prod — no javascript source
- @radix-ui/react-use-controllable-state prod — dist-only: no readable source
- @rive-app/react-webgl2 prod — dist-only: no readable source
- @shikijs/langs prod — dist-only: no readable source
- @shikijs/themes prod — dist-only: no readable source
- @streamdown/cjk prod — dist-only: no readable source
- @xyflow/react prod — dist-only: no readable source
- cmdk prod — dist-only: no readable source
- motion prod — dist-only: no readable source
- next-themes prod — dist-only: no readable source
- react-jsx-parser prod — dist-only: no readable source
- shadcn prod — dist-only: no readable source
- shiki prod — dist-only: no readable source
- sonner prod — dist-only: no readable source
- streamdown prod — dist-only: no readable source
- tokenlens prod — dist-only: no readable source