Security audit

Harmonyos Sharesdk Integretion

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent HarmonyOS ShareSDK integration guide, with expected project edits and credential handling for that setup.

Use this skill only for a HarmonyOS project where you intend to add MobTech ShareSDK. Review each proposed file change and ohpm command before approving it. Treat appSecret, WeChat AppSecret, and client_id values as sensitive, keep the generated Excel file out of version control, and remove or protect it after integration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 89%
Finding
The README instructs the agent to read a project, generate templates, and create project documentation, but it does not explicitly warn that these actions may create or modify files inside the user's workspace. In an agent setting, missing disclosure and confirmation boundaries can lead to unintended file changes or broad workspace access, especially when the workflow is framed as an automated sequence.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.