Harmonyos Sharesdk Integretion
PassAudited by VirusTotal on May 7, 2026.
Overview
Type: OpenClaw Skill Name: harmonyos-sharesdk-integretion Version: 1.0.2 The skill bundle is a legitimate integration tool for the MobTech ShareSDK in HarmonyOS NEXT projects. It uses a Python script (assets/generate_excel_template.py) to create a local configuration template and provides detailed instructions in SKILL.md for the agent to guide the user through dependency installation and code modification. While the skill handles sensitive API keys and performs file system operations, it includes explicit safeguards requiring user confirmation before any modifications and shows no signs of data exfiltration, malicious execution, or prompt injection attacks.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If approved, the skill may change dependencies, permissions, metadata, and source files, and mistakes could break the app build or behavior.
The skill can run package-manager commands and modify project files, which is expected for SDK integration; the artifact also states that file changes must be shown and confirmed first.
所有写文件和改文件操作前,都必须先展示计划修改内容并等待用户确认。 ... ohpm install @zztsdk/zztcore ... ohpm install @zztsdk/sharesdk
Use version control, inspect the planned commands and diffs, and approve changes only for the intended HarmonyOS project.
AppSecrets or platform credentials could be exposed if the Excel file, chat transcript, or generated project files are shared or committed to a repository.
The workflow asks the user to place SDK and platform credentials in a project-local Excel file so the agent can read and use them. This is purpose-aligned for integration, but the credentials are sensitive.
复制到用户项目根目录并命名为 `ShareSDK_HarmonyOS_Config.xlsx` ... 明确要求用户填写:MobTech `appKey`、MobTech `appSecret` ... 微信 `AppSecret`
Keep the generated Excel file out of source control, delete it after integration if no longer needed, avoid providing unnecessary secrets, and rotate any credential that may have been exposed.