ohos-test-fuzz-generation
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill orchestrates a multi-stage workflow using
subprocess.runintools/fuzz_generator.pyandtools/fuzz_check.py. These calls are used to execute internal Python scripts (e.g.,seed_generator.pyand rule-specific scripts incheck_scripts/) to populate the test corpus and perform static analysis. Arguments are passed as lists (argv), andshell=Trueis not utilized, mitigating common command injection vulnerabilities. - [SAFE]: The core logic of the skill is inherently defensive. It contains 26 check scripts designed to identify security anti-patterns in C++ code, such as uninitialized global pointers, direct data pointer dereferencing, and the use of non-reproducible random functions (
rand()). - [DATA_EXPOSURE]: The tool parses local C++ header files and source code to generate test cases. Analysis of the tools (
header_parser.py,generate_report.py) confirms that no data is transmitted over the network; all results are written to local files specified by the user or within the project directory. - [NO_CODE]: While the skill contains significant Python logic, the generated C++ code follows standard OpenHarmony testing templates and does not include malicious payloads.
Audit Metadata