HarmonyOS FlyVerify Integration

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed HarmonyOS FlyVerify integration helper that can edit app files and handle MobTech credentials, but its higher-impact actions are purpose-aligned and gated by user confirmation.

Install this only if you intend to add MobTech FlyVerify to a HarmonyOS NEXT app. Review the exact file diffs, ohpm commands, added INTERNET/GET_NETWORK_INFO permissions, and privacy-consent placement before approving changes. Treat appKey/appSecret and the generated Excel file as sensitive and keep them out of version control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 91%
Finding
The README explicitly states the skill will modify project files, insert SDK initialization and privacy-consent calls, and generate configuration artifacts, but it does not require explicit confirmation or clearly warn that these actions will change the user's codebase. In an agent-driven workflow, this can lead to unintended code changes, privacy/compliance mistakes, or dependency installation without sufficiently informed user approval.

VirusTotal

65/65 vendors flagged this skill as clean.