Security audit

Harmonyos Sharesdk Integretion

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent HarmonyOS ShareSDK integration guide, with expected project edits and credential handling for that setup.

Use this skill only for a HarmonyOS project where you intend to add MobTech ShareSDK. Review each proposed file change and ohpm command before approving it. Treat appSecret, WeChat AppSecret, and client_id values as sensitive, keep the generated Excel file out of version control, and remove or protect it after integration.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The README instructs the agent to read a project, generate templates, and create project documentation, but it does not explicitly warn that these actions may create or modify files inside the user's workspace. In an agent setting, missing disclosure and confirmation boundaries can lead to unintended file changes or broad workspace access, especially when the workflow is framed as an automated sequence.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.