Rscoop takes security seriously while preserving the transparency of the Scoop ecosystem.

• Optional scanning runs before every install when you provide an API key.
• The backend requests the hash report and blocks the operation if the detection ratio exceeds your threshold.
• Cancelling an install from the scan dialog leaves Scoop untouched and records the decision in the log.

• Core package actions delegate to the official Scoop CLI, so Rscoop never reimplements package installation logic.
• Rust commands wrap Scoop invocations to provide progress updates, parse errors, and prevent destructive defaults.
• Logging is handled by tauri-plugin-log with outputs to both stdout and the per-user log directory for auditing.

Rscoop does not transmit telemetry or personal data. Network requests are limited to the services you explicitly use: Scoop buckets, VirusTotal (if configured), and release checks.