Security audit

Harmonyos Dev

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only HarmonyOS development skill, and the risky-looking examples are relevant developer references rather than actions the skill runs itself.

This skill is reasonable to install as a HarmonyOS reference pack. Treat its code snippets as examples, not drop-in production code: review networking, downloads, telemetry, floating windows, sensitive permissions, and signing configuration carefully, and never paste real secrets or private signing material into the agent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The trigger list includes broad generic terms such as `@kit`, `HAP`, `HAR`, and `DevEco`, which can cause the skill to activate for unrelated user requests. Over-broad activation increases the chance of prompt/context hijacking, incorrect routing, and unintentional exposure of this skill's behavioral instructions in contexts where it should not run.

Natural-Language Policy Violations

Severity: Medium
Confidence: 84%
Finding
The output specification mandates a fixed Chinese response format without considering the user's language or explicit preference. This can degrade safety and reliability by causing the agent to ignore user intent, reducing clarity for non-Chinese users and making it harder for users to notice unsafe or incorrect advice.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The file download examples write remotely retrieved content directly to a caller-supplied local path without showing validation of the destination path, file existence checks, size/content validation, or overwrite protections. In a developer skill, this can encourage unsafe copy-paste patterns that may overwrite application data or persist untrusted content locally.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The document enumerates sensitive permissions such as contacts, location, background location, media access, and external storage, and includes runtime-permission code, but does not warn about least-privilege, user consent, or data-handling risks. In a developer skill, this can normalize overbroad permission requests and lead downstream users to build apps that collect sensitive data unnecessarily or insecurely.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The example shows how to create a global floating window with persistent visibility but does not warn about overlay abuse, clickjacking, spoofing, or user-visibility implications. In the context of an agent skill that teaches app development, providing this pattern without safeguards increases the chance that developers implement deceptive overlays or background UI elements that interfere with user trust and system integrity.

VirusTotal

67/67 vendors flagged this skill as clean.
