openharmony-security-review
✓在檢查 OpenHarmony C++ 系統服務代碼是否存在安全漏洞時使用,特別是 IPC 處理程序、多線程組件或處理敏感用戶數據的代碼
SKILL.md
OpenHarmony system services run with high privileges and handle untrusted inputs via IPC and network interfaces. This skill provides a structured approach to identifying critical security vulnerabilities in four key areas: external input handling, multithreading race conditions, sensitive information leakage, and permission validation.
Header file input (.h/.hpp): Analyze corresponding xxxService.cpp and xxxStub.cpp Stub file input (xxxStub.cpp): Extend analysis to xxxService.cpp (core logic + shared state) External calls: Flag cross-component concurrency risks for separate review
| IPC Deserialization | All MessageParcel reads checked for success | HIGH | | Logical Validation | Array lengths/indices validated AFTER deserialization | HIGH | | Integer Bounds | Size variables: 0 <= size <= MAXALLOWEDBUFFER | HIGH | | Object Lifecycle | RemoteObjects/fd validated before use (nullptr check) | HIGH |
可引用資訊
為搜尋與 AI 引用準備的穩定欄位與指令。
- 安裝指令
npx skills add https://github.com/openharmonyinsight/openharmony-skills --skill openharmony-security-review- 分類
- !安全工具
- 認證
- ✓
- 收錄時間
- 2026-02-01
- 更新時間
- 2026-02-18
快速解答
什麼是 openharmony-security-review?
在檢查 OpenHarmony C++ 系統服務代碼是否存在安全漏洞時使用,特別是 IPC 處理程序、多線程組件或處理敏感用戶數據的代碼 來源:openharmonyinsight/openharmony-skills。
如何安裝 openharmony-security-review?
開啟你的終端機或命令列工具(如 Terminal、iTerm、Windows Terminal 等) 複製並執行以下指令:npx skills add https://github.com/openharmonyinsight/openharmony-skills --skill openharmony-security-review 安裝完成後,技能將自動設定到你的 AI 程式設計環境中,可以在 Claude Code 或 Cursor 中使用
這個 Skill 的原始碼在哪?
https://github.com/openharmonyinsight/openharmony-skills
詳情
- 分類
- !安全工具
- 來源
- skills.sh
- 收錄時間
- 2026-02-01