Midscene Automations Skills for HarmonyOS

Warn

Audited by ClawScan on May 10, 2026.

Overview

The skill fits its HarmonyOS automation purpose, but it gives the agent broad control over a connected device, including raw HDC shell commands, and relies on external model credentials.

Install or use this only if you trust the Midscene npm package and the chosen model provider. Prefer a test device, confirm the HDC target before running commands, keep API keys scoped, and manually approve any raw HDC shell command or destructive device action.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used on a real device, the agent could change settings, type into apps, delete visible content, or run low-level device commands beyond what the user intended.

Why it was flagged

The skill exposes broad device-control operations, including autonomous UI actions and a raw HDC shell escape hatch, without documented allowlists or explicit confirmation requirements for sensitive or destructive actions.

Skill content

`act` ... autonomously handles all UI interactions internally — tapping, typing, scrolling...; `runhdcshell --command` ... forwarded to `hdc shell`

Recommendation

Use this only on test devices or with close supervision; require manual approval for raw HDC shell commands, app/account changes, purchases, deletions, or credential entry.

What this means

Updates or compromise of the external package could affect the device automation behavior and any connected-device access.

Why it was flagged

`npx -y` will execute an external npm package, and `@1` is a major-version reference rather than an exact reviewed version. This is disclosed and purpose-aligned, but the executable package code is not part of the supplied artifacts.

Skill content

Automate HarmonyOS NEXT devices using `npx -y @midscene/harmony@1`.

Recommendation

Prefer an exact pinned version, verify the npm package source, and run it in a controlled environment before using it with sensitive devices or accounts.

What this means

A model API key placed in the environment or `.env` file may incur costs or expose access to the model account if mishandled.

Why it was flagged

The workflow needs model-provider credentials. That is expected for Midscene, but it is sensitive authority and the registry metadata lists no required environment variables.

Skill content

MIDSCENE_MODEL_API_KEY="your-api-key" ... MIDSCENE_MODEL_BASE_URL="https://..."

Recommendation

Use a dedicated, least-privileged API key, avoid sharing `.env` files, and revoke or rotate the key after testing if needed.

What this means

Screenshots can contain private messages, account details, or other sensitive on-screen information that may leave the device during model-based analysis.

Why it was flagged

The automation loop depends on screenshots and a configured external vision model endpoint, so visible device content may be processed by the selected provider.

Skill content

Operates entirely from screenshots ... Midscene requires models with strong visual grounding capabilities.

Recommendation

Use a trusted model provider, understand its data-retention policy, and avoid running the skill on screens containing sensitive personal or business information unless necessary.