配置拉取代码生成
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent instruction-only Android code-template skill, but it will edit project files and generate lifecycle-triggered config/network code that users should review.
Use this skill when you want generated Android config-pull code written into your project. Before accepting the changes, review generated file paths, API URLs, push keys, lifecycle hooks, credential references, and any logging of configuration values.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may directly add or change Android project files when the skill is used.
The skill tells the agent to modify workspace files rather than only display code. This is disclosed and aligned with a code-generation skill, but it is still a source-code mutation users should review.
生成代码后,必须写入到 workspace 对应文件,并展示给用户看
Review the generated diffs before committing or running the app, especially changes to shared module files.
Generated code will rely on the app's existing configuration-service credentials.
The generated config-center code uses project credential-like values, SecurityKey.clientId and SecurityKey.clientSecret, to access the configuration service.
.setConfigKey(CONFIG_KEY_YZ_HD_{NAME}_CONFIG, CONFIG_KEY_CONFIG_VERSION, "", SecurityKey.clientId, SecurityKey.clientSecret, null)Confirm the credential scope is appropriate for the target module and avoid exposing generated credential references or logs outside the project.
A mistake in generated config code or endpoint selection could run repeatedly across app sessions and lifecycle events.
The template requires lifecycle hooks that call the generated config logic on shop switch, app start, and config fetch events.
@ShopSwitched、@AppStart、@ConfigFetch ... 每次生成配置时,必须同时生成这三个 Plugin 钩子方法
Check that hooks are merged safely with existing PluginModule code, avoid duplicate registrations, and verify the generated behavior is intended for each lifecycle event.