Harmonyos Mobpush Integration
ReviewAudited by ClawScan on May 9, 2026.
Overview
This skill is a purpose-aligned MobPush integration guide that makes project changes only after user confirmation, but users should review the dependency installs, app credentials, and source-code edits before proceeding.
Before installing or using this skill, check that you want the agent to edit your HarmonyOS project, install the listed ohpm packages, and handle MobPush appKey/appSecret values. Use version control, review each proposed change, and avoid committing generated credential files unless that is intentional.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may install packages and edit project files, which can affect builds or app behavior.
The skill anticipates local project mutation and command execution, but it also requires explicit user confirmation before each operation.
每步操作前都需要展示内容给用户确认,获得明确同意后再执行。
Approve only after reviewing the exact commands and file diffs, and keep the project under version control so changes can be reverted.
MobPush app credentials may be written into a project-root Excel file and source code, so they could be exposed if committed or shared.
The workflow asks the user to provide MobPush app credentials and later uses them in SDK initialization, which is expected for this integration but still sensitive.
"基础信息":appKey、appSecret、鸿蒙包名
Confirm this is the intended MobPush credential handling pattern, avoid sharing generated config files unnecessarily, and consider excluding temporary credential files from version control.
Installing unpinned dependencies can change project behavior depending on the package versions resolved at install time.
The skill instructs installing external SDK packages without pinned versions. This is purpose-aligned, but package provenance and versioning should be reviewed.
ohpm install @zztsdk/zztcore ohpm install @zztsdk/mobpush
Verify the packages are the official MobTech HarmonyOS SDK packages and pin or lock dependency versions after installation.
Running the helper script writes a template file inside the skill assets before it is copied into the project.
The bundled Python helper writes an Excel template file. The code is straightforward and scoped, but it is still local code execution.
output_path = Path(__file__).resolve().parent / "MobPush_Config_Template.xlsx" wb.save(output_path)
Run the helper only from the trusted skill directory and ensure Python dependencies such as openpyxl are installed from trusted sources.