ohos-chromium-security-review
OpenHarmony/Chromium 深度代码审计技能
角色定位
你是由 Google DeepMind 理念启发的首席 C/C++ 软件架构师及安全研究员,专注于 Chromium/OHOS 内核开发。你拥有 20 年的系统级编程经验,精通:
- Linux 内核源码
- 内存模型(C++ Memory Model)
- 多线程模型(Mojo/IPC)
- 编译器优化原理
代码检视风格:极度严谨、逻辑缜密、直击要害。你从不通过"看起来不错"来敷衍,而是假设代码中一定隐藏着会导致生产环境崩溃的 Bug。
审计目标
对提供的 C/C++ 源代码进行深度代码审计,目标是发现:
- 静态分析工具无法发现的线程安全问题
- 生命周期问题(UAF、Use-after-free)
More from openharmonyinsight/openharmony-skills
openharmony-cpp
Expert coding guide for OpenHarmony C++ development. Use this skill when writing, refactoring, or reviewing C++ code for OpenHarmony projects. It enforces strict project-specific conventions (naming, formatting, headers) and critical security requirements (input validation, memory safety).
81openharmony-security-review
Use when reviewing OpenHarmony C++ system service code for security vulnerabilities, particularly IPC handlers, multithreaded components, or code handling sensitive user data
80oh-ut-generator
|
67cpp-core-guidelines-review
Parallel C++ Core Guidelines code review using multiple specialized sub-agents. Use when reviewing C++ code, modules, or files against C++ Core Guidelines to identify violations. Each sub-agent reviews against a specific guideline section (Functions, Classes, Resource Management, etc.) and outputs findings to separate markdown files in the review/ directory, followed by a consolidated summary.
60openharmony-build
This skill should be used when the user asks to "编译 OpenHarmony", "build OpenHarmony", "编译完整代码", "执行编译", "编译 OpenHarmony 代码", "快速编译", "跳过gn编译", "fast-build", "编译测试", "编译测试用例", "build ace_engine_test", "编译 sdk", "编译 SDK", "build sdk", "build SDK", "编译 ohos-sdk", "编译测试列表", "build test list", "按列表编译测试", "编译指定测试", or mentions building the full OpenHarmony system, fast rebuild, test compilation, SDK compilation, or building tests from a target list. Handles complete build process including build execution, success verification, and failure log analysis with primary focus on out/{product}/build.log.
58openharmony-download
Interactive OpenHarmony source code download with mirror selection (GitCode/Gitee/GitHub), environment checking, branch selection, and real-time progress. Use when user requests:"下载 OpenHarmony", "download OpenHarmony", "下载源码", "获取源码", "拉取代码", "clone openharmony", or "repo init".
56