HarmonyOS MobLink Integration

Advisory. Audited by static analysis on May 9, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may change project dependencies and source/config files, which could break builds or alter app behavior if the wrong project path or settings are used.

Why it was flagged

The skill is expected to mutate the user's HarmonyOS project by installing dependencies and editing configuration files.

Skill content

The agent installs ohpm dependencies and configures permissions and the URI scheme.

Recommendation

Use it only on a project you control, keep a backup or version-control checkpoint, and review diffs before accepting changes.

What this means

The agent and local project files may handle a credential that should not be exposed or committed to a repository.

Why it was flagged

The generated configuration template asks the user to provide a MobTech app secret.

Skill content

["appSecret", "MobTech 应用密钥,与 appKey 一同获取", ""]

Recommendation

Treat MobLink_Config.xlsx as sensitive, exclude it from version control if it contains secrets, and rotate the appSecret if it is accidentally shared.

What this means

The resulting app could request or allow privacy-sensitive data collection unless the user intentionally narrows these settings.

Why it was flagged

The privacy configuration template includes defaults that allow collection of sensitive device-related data if carried through into integration code.

Skill content

["allowLocationData", "是否允许 MobLink 主动采集地理位置信息:是/否", "是"], ... ["allowAppListData", "是否允许 MobLink 主动采集应用列表信息:是/否", "是"]

Recommendation

Set each collection option to the minimum needed, confirm the app's privacy notice and consent flow, and avoid enabling location, device ID, or app-list collection unless required.

What this means

The project will depend on external packages whose versions and provenance affect the app's security and build reproducibility.

Why it was flagged

The workflow pulls third-party SDK packages from the ohpm ecosystem as part of the integration.

Skill content

ohpm install @zztsdk/zztcore
ohpm install @zztsdk/moblink

Recommendation

Verify the package names against MobTech/OpenHarmony documentation, review the installed versions, and commit a lockfile or pin versions where appropriate.

What this means

Local code execution is expected for this skill, though the provided script appears limited to creating an .xlsx file.

Why it was flagged

Normal use includes executing the included local Python helper script, which generates an Excel template.

Skill content

python3 assets/generate_excel_template.py

Recommendation

Run the helper from the skill directory after reviewing it, and use a normal project/virtual environment with the needed Python dependencies.