ohos-dev-distributed-device-image-flashing

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches OpenHarmony system images from the official daily build service at dcp.openharmony.cn.
  • [COMMAND_EXECUTION]: Executes hdc (Huawei Device Connector) and Python scripts to manage device flashing. Destructive operations are protected by an interactive confirmation prompt requiring the user to type 'FLASH' before proceeding.
  • [SAFE]: The download_daily.py script includes a safe_extract function that validates archive members to prevent path traversal attacks, ensuring files cannot be written outside the designated output directory.
  • [SAFE]: The skill provides comprehensive warnings and recovery documentation for potential failure scenarios such as power loss or network disconnection during the flash process.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 01:42 PM
Security Audit — agent-trust-hub — ohos-dev-distributed-device-image-flashing