ohos-test-fuzz-generation

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill orchestrates a multi-stage workflow using subprocess.run in tools/fuzz_generator.py and tools/fuzz_check.py. These calls are used to execute internal Python scripts (e.g., seed_generator.py and rule-specific scripts in check_scripts/) to populate the test corpus and perform static analysis. Arguments are passed as lists (argv), and shell=True is not utilized, mitigating common command injection vulnerabilities.
  • [SAFE]: The core logic of the skill is inherently defensive. It contains 26 check scripts designed to identify security anti-patterns in C++ code, such as uninitialized global pointers, direct data pointer dereferencing, and the use of non-reproducible random functions (rand()).
  • [DATA_EXPOSURE]: The tool parses local C++ header files and source code to generate test cases. Analysis of the tools (header_parser.py, generate_report.py) confirms that no data is transmitted over the network; all results are written to local files specified by the user or within the project directory.
  • [NO_CODE]: While the skill contains significant Python logic, the generated C++ code follows standard OpenHarmony testing templates and does not include malicious payloads.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 12:41 PM
Security Audit — agent-trust-hub — ohos-test-fuzz-generation