HarmonyOS ShareSDK Integration

Advisory

Audited by Static analysis on May 7, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If approved, the skill may change dependencies, permissions, metadata, and source files, and mistakes could break the app build or behavior.

Why it was flagged

The skill can run package-manager commands and modify project files, which is expected for SDK integration; the artifact also states that file changes must be shown and confirmed first.

Skill content

Before any file write or file modification, the planned changes must first be shown and user confirmation awaited. ... ohpm install @zztsdk/zztcore ... ohpm install @zztsdk/sharesdk

Recommendation

Use version control, inspect the planned commands and diffs, and approve changes only for the intended HarmonyOS project.

What this means

AppSecrets or platform credentials could be exposed if the Excel file, chat transcript, or generated project files are shared or committed to a repository.

Why it was flagged

The workflow asks the user to place SDK and platform credentials in a project-local Excel file so the agent can read and use them. This is purpose-aligned for integration, but the credentials are sensitive.

Skill content

Copy it to the user's project root directory and name it `ShareSDK_HarmonyOS_Config.xlsx` ... Explicitly require the user to fill in: MobTech `appKey`, MobTech `appSecret` ... WeChat `AppSecret`

Recommendation

Keep the generated Excel file out of source control, delete it after integration if no longer needed, avoid providing unnecessary secrets, and rotate any credential that may have been exposed.