ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AppDev Skill - 通用应用软件开发工作流

通用应用软件开发完整工作流(HarmonyOS版)。支持从需求到部署的全流程开发管理。 包含:产品功能设计、代码生成、TDD开发、调试诊断、编译验证、版本管理。 适用于各类HarmonyOS应用的快速开发。 当用户需要开发HarmonyOS应用、生成代码、管理开发进度、进行TDD开发时触发。 关键词:开发应用、生...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 22 · 0 current installs · 0 all-time installs
by@ShiXiangYu2
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (HarmonyOS app dev workflow) align with the included files: code-generation templates, TDD helpers, build-checks, mock server, CI pipeline and many helper scripts. However the repository clearly derives from a coffee-app base (demo data, DEBUG/demo content referencing DIYCoffee) and includes AI-assisted tooling (ai-generate.sh) and sync/Mock server scripts that imply network/API usage not reflected in declared requirements. This is plausible for the stated purpose but the AI/network pieces are under-declared.
Instruction Scope
SKILL.md instructs the agent to run a large set of local scripts (init, generate, tdd, build-check, update, quick.sh shortcuts). Those scripts create and modify files in the project (e.g., demo-prep.sh writes DevMode files and demo data, setup-hooks.sh installs Git hooks, scripts may sed/modify service files). The runtime instructions do not direct reading unrelated system secrets, but several scripts will modify repository contents and install hooks — actions with real side effects that users should expect and review.
Install Mechanism
There is no external install spec; this is instruction-plus-scripts only. No downloads from unknown URLs were observed in the provided content. Risk is limited to the scripts' local file operations rather than arbitrary code pulled from remote hosts.
!
Credentials
Declared requirements list no env vars or credentials, but the skill advertises AI-assisted features (ai-generate.sh) and sync/mock-server tools that typically require network access and API credentials (OpenAI/other LLM APIs, package registries, or remote sync endpoints). Those credentials are not declared as required, which is an inconsistency: if you plan to use AI features you should expect to provide API keys and verify where those scripts send data. Additionally scripts may call external CLIs (devecoc, hdc) if available — the SKILL.md references them but they are optional.
Persistence & Privilege
always:false and agent autonomous invocation are normal. The scripts do modify project files (create demo files, add DevMode, install Git hooks). That level of persistence/change is reasonable for a developer workflow but is a material privilege: installing hooks and writing code/templates will change a repo. The skill does not attempt to modify other skills or system-wide agent config in the supplied files.
What to consider before installing
Before installing or running this skill: 1) Review ai-generate.sh, sync.sh and mock-server.sh to see whether they call external APIs or expect API keys (and where they send data). 2) Inspect setup-hooks.sh and demo-prep.sh — they write files and install Git hooks (run these only in a sandbox or test repository first). 3) Do not run scripts against production repositories without a backup (they may modify service files and create demo data). 4) If you intend to use AI-assisted features, treat any required API keys as sensitive and confirm the scripts do not leak them to third-party endpoints. 5) If uncertain, run the workflow in an isolated environment (throwaway git repo / VM / container) and open the scripts to audit network calls (curl/npm/ node invocations) and any sed/write operations before trusting them.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
app-developmentvk976wzk26wzzd4pjc7zb15ny9s838ey5code-generationvk976wzk26wzzd4pjc7zb15ny9s838ey5harmonyosvk976wzk26wzzd4pjc7zb15ny9s838ey5latestvk976wzk26wzzd4pjc7zb15ny9s838ey5tddvk976wzk26wzzd4pjc7zb15ny9s838ey5workflowvk976wzk26wzzd4pjc7zb15ny9s838ey5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

AppDev Skill:通用应用软件开发全流程

从需求到部署,六阶段标准化开发流程。

┌─────────┐    ┌─────────┐    ┌─────────┐    ┌─────────┐    ┌─────────┐    ┌─────────┐
│  产品   │ →  │  规划   │ →  │  生成   │ →  │  实现   │ →  │  验证   │ →  │  集成   │
│(Product)│    │ (Plan)  │    │(Generate)│   │(Implement)│   │(Validate) │   │(Integrate)│
└─────────┘    └─────────┘    └─────────┘    └─────────┘    └─────────┘    └─────────┘
    1h            30min          1h            2-4h           30min          30min
   PRD文档       需求对齐       代码骨架       业务逻辑       编译+测试       版本归档

前置依赖

  • DevEco Studio 4.0+
  • HarmonyOS SDK 6.0+
  • Node.js >= 18
  • TypeScript 5.0+

快速开始

# 1. 初始化项目
bash scripts/init-project.sh ./MyApp MyFeature

# 2. 产品功能设计
bash scripts/quick.sh prd init '核心功能'

# 3. AI辅助生成 (v2.0)
bash scripts/quick.sh ai service --prd=docs/prd/核心功能_PRD.md
bash scripts/quick.sh ai page --prd=docs/prd/核心功能_PRD.md
bash scripts/quick.sh ai tests --for=MyService

# 或传统生成
bash scripts/quick.sh gen model MyModel
bash scripts/quick.sh gen service MyService
bash scripts/quick.sh gen list-page MyList

# 4. TDD开发
bash scripts/quick.sh tdd start MyService myMethod

# 5. 架构可视化
bash scripts/quick.sh viz html

# 6. 质量报告
bash scripts/quick.sh report

# 7. 性能分析 (v2.0)
bash scripts/quick.sh perf analyze

# 8. 协作同步 (v2.0)
bash scripts/quick.sh sync status

# 9. 自动化流水线
bash scripts/quick.sh pipeline run --from=generate --to=verify
bash scripts/fill-logic.sh MyService myMethod
bash scripts/tdd.sh run

# 5. 编译验证
bash scripts/build-check.sh

# 6. 版本归档
./update.sh minor "完成核心功能"

六阶段开发流程

阶段1:产品功能设计(1小时)

目标:产出可开发的PRD文档

# 初始化PRD
bash scripts/prd.sh init '功能名称'

# 生成用户流程
bash scripts/prd.sh flow '功能名称'

# 设计数据埋点
bash scripts/prd.sh tracking '功能名称'

输出

  • docs/prd/功能名称_PRD.md - 完整需求文档
  • docs/prd/功能名称_flow.md - 用户流程图
  • docs/prd/功能名称_tracking.md - 埋点设计

阶段2:规划(30分钟)

目标:明确技术方案与排期

编辑 PROJECT.md

# PROJECT.md

## 需求概述
- 功能名称:UserService
- 功能描述:用户管理核心服务
- 复杂度评估:中
- Fallback方案:本地缓存兜底

## 接口定义
```typescript
interface UserRequest {
  userId: string;
  options?: UserOptions;
}

interface UserResponse {
  user: User;
  permissions: string[];
}

检查点

  • 数据模型定义
  • 核心算法实现
  • DevEco编译通过
  • 单元测试覆盖>60%
  • 规范检查通过>90分

---

### 阶段3:生成(1小时)

```bash
# 生成数据模型
bash scripts/generate.sh model User

# 生成服务骨架
bash scripts/generate.sh service UserService

# 生成页面骨架
bash scripts/generate.sh page UserPage

# 生成Mock数据
bash scripts/generate.sh mock UserAPI

阶段4:实现(2-4小时)

4.1 TDD开发流程(推荐)

# 1. 启动TDD流程
bash scripts/tdd.sh start UserService getUserInfo

# 2. 运行测试(Red Phase)
bash scripts/tdd.sh run

# 3. 智能填充代码
bash scripts/fill-logic.sh UserService getUserInfo

# 4. 运行测试(Green Phase)
bash scripts/tdd.sh run

# 5. 重构检查
bash scripts/tdd.sh refactor

4.2 调试诊断

# 查看日志
bash scripts/debug.sh . logs 100

# 检查Service状态
bash scripts/debug.sh . state

# 性能分析
bash scripts/debug.sh . perf

# 全面诊断
bash scripts/debug.sh . analyze

阶段5:验证(30分钟)

# DevEco编译检查
bash scripts/build-check.sh

# 规范检查
bash scripts/lint.sh src/services/UserService.ts

# 单元测试
bash scripts/test.sh UserService

# 验收清单
bash scripts/prd.sh checklist '功能名称'

阶段6:集成(30分钟)

# 更新版本
./update.sh minor "完成用户管理功能"

# 自动执行:
# - 更新 version.json
# - 写入 CHANGELOG.md
# - 运行规范检查
# - 运行编译验证
# - 生成代码统计报告
# - 备份到 versions/

工具脚本清单

脚本用途使用阶段
init-project.sh项目初始化开始
prd.shPRD/流程/埋点产品设计
generate.sh代码生成生成
tdd.shTDD流程实现
fill-logic.sh代码填充实现
update-logic.sh增量更新实现
debug.sh调试诊断实现/验证
build-check.sh编译验证验证
lint.sh规范检查验证
test.sh测试运行验证
demo-prep.sh演示准备集成
update.sh版本管理集成

v1.2 新增工具

脚本用途使用阶段
quick.sh快捷命令集全流程
visualize.sh架构可视化规划/验证
setup-hooks.shGit Hooks 安装全流程
mock-server.shMock API 服务实现
quality-report.sh质量报告生成验证
suggest.sh智能建议全流程
pipeline.sh自动化流水线全流程

v2.0 新增工具 (AI辅助)

脚本用途使用阶段
ai-generate.shAI辅助代码生成生成/实现
sync.sh多开发者协作全流程
perf-report.sh性能监控报告验证

项目结构

MyApp/
├── docs/
│   ├── prd/                    # PRD文档
│   └── api/                    # API文档
├── src/
│   ├── models/                 # 数据模型
│   ├── services/               # 业务服务
│   ├── pages/                  # 页面组件
│   ├── viewmodels/             # 状态管理
│   └── common/                 # 公共工具
├── test/
│   ├── unittest/               # 单元测试
│   └── e2e/                    # E2E测试
├── scripts/                    # 工作流脚本
├── templates/                  # 代码模板
├── references/                 # 参考资料
├── PROJECT.md                  # 项目配置
└── version.json                # 版本信息

规范检查规则

规则ID级别说明
HOS-001警告使用@ObservedV2替代@Observed
HOS-002错误禁止使用any类型
HOS-003错误硬编码字符串必须使用$r引用
PERF-001警告避免在循环中使用await
PERF-002错误大列表必须使用LazyForEach
SEC-001错误敏感数据使用SecureStorage
SEC-002错误日志禁止输出敏感信息
ERR-001警告async函数必须有错误处理
BUILD-001错误DevEco编译必须通过

优先级定义

P0 - 必须完成(阻塞演示)
├── 核心功能接口
├── 基础页面结构
└── 数据流打通

P1 - 应该完成(完整体验)
├── 增强交互
├── 错误处理
└── 性能优化

P2 - 可以延后(锦上添花)
├── 动效细节
├── 高级功能
└── 统计分析

故障排查

编译失败

bash scripts/build-check.sh --verbose

运行时崩溃

bash scripts/debug.sh . logs 100
hdc hilog | grep MyApp

测试失败

bash scripts/tdd.sh status
bash scripts/debug.sh . analyze

版本历史

版本日期更新内容
v2.02026-03-20AI辅助生成、实时协作、性能监控 (98分)
v1.22026-03-20架构可视化、Git Hooks、Mock服务、质量报告 (97分)
v1.12026-03-20快捷命令、健康检查、智能建议、自动化流水线、增强模板 (95分)
v1.02026-03-20初始版本,六阶段流程 (92分)

版本:v2.0 评分:98/100 状态:已完成全部规划功能 适用范围:HarmonyOS 4.0+ 应用开发 许可证:MIT

Files

33 total
Select a file
Select a file to preview.

Comments

Loading comments…