ohos-dev-distributed-mmi-device-test-harness

Fail

Audited by Snyk on Jun 16, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The document contains high-risk, potentially abusable instructions: remounting / as rw, replacing system .so under /system/lib, restarting services, disabling SELinux, and applying "server-side bypass" patches that relax token checks — all of which can be used to install persistent backdoors or escalate/control devices even though the guide frames them as temporary test-only actions with restore steps.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs remounting the system as writable, copying/replacing .so files under /system/lib, killing services, and toggling SELinux—actions that modify system files and require elevated privileges, so it pushes the agent to compromise the machine state.

Issues (2)

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 16, 2026, 12:41 PM
Issues
2
Security Audit — snyk — ohos-dev-distributed-mmi-device-test-harness