Python Package HarmonyOS Compatibility Testing Skill
by terry.King · v1.0.1 · MIT-0
414 Downloads · 0 Stars · 0 Active Installs · 2 Versions
Install in OpenClaw
/install python-harmony-compatibility-checker
Description
Check Python library compatibility with HarmonyOS. Downloads source from GitHub/PyPI, detects Windows-specific dependencies, runs pytest with per-test-case r...
Usage Guidance
This skill does what it says (downloads package source, scans for Windows imports, runs tests and emits reports) but has two practical security concerns you should consider before installing or running it:
1) TLS bypass: The included script disables TLS certificate verification when downloading from GitHub/PyPI. That is unnecessary in normal environments and makes downloads susceptible to man-in-the-middle tampering. Ask the author to stop disabling SSL verification (restore the default SSL checks) or to explain why it is required for your environment.
2) Execution of untrusted code: To assess compatibility the tool downloads packages and runs their test suites. Tests can execute arbitrary Python code (including network access, file operations, or deleting files). Only run this tool in an isolated sandbox (container, VM, or dedicated build runner) that has no access to secrets, credentials, or sensitive mounts. Prefer ephemeral environments; do not run on developer workstations or production hosts.
Other points to verify:
- Resolve the version mismatch between registry metadata (1.0.1) and manifest.json (1.2.0).
- If you need safer operation, request changes: re-enable SSL verification, add an optional allowlist of trusted repos/packages, add explicit safeguards (no-network mode, resource/time limits, capability drops), and document exactly which subprocesses (pip, pytest) are invoked.
- Use --keep-source only for manual inspection in a safe place; retained sources may contain malicious code.
If the author provides evidence that TLS is only disabled for a narrow, documented HarmonyOS reason or they add sandboxing/allowlisting, my assessment would move toward benign. Until then, treat this skill as potentially risky but not clearly malicious.
Capability Analysis
Type: OpenClaw Skill
Name: python-harmony-compatibility-checker
Version: 1.0.1
The skill bundle is classified as suspicious primarily due to the intentional disabling of SSL certificate verification (ssl.CERT_NONE) in scripts/check_compatibility.py when downloading package source code from GitHub and PyPI. While the tool's core functionality—downloading, installing, and executing third-party code via pip and pytest—is inherently high-risk, it is consistent with the stated purpose of a compatibility checker. However, the lack of transport security is a significant vulnerability that exposes the agent to Man-in-the-Middle (MITM) attacks during the download phase.
Capability Assessment
Purpose & Capability
Name/description align with the code and SKILL.md: the script downloads package sources, scans for Windows imports, discovers and runs pytest tests, and writes reports. Small metadata inconsistency: registry metadata lists version 1.0.1 while manifest.json contains version 1.2.0 (minor mismatch that should be resolved). Overall functionality is coherent with the stated purpose.
Instruction Scope
Runtime instructions and the included script instruct the agent to download archives from GitHub/PyPI, extract them, install packages and run pytest test suites. Running tests implies executing untrusted third-party code (package test suites) which can perform arbitrary actions on the host — this is expected for a tester but is high-risk if not sandboxed. Additionally, the script explicitly disables SSL certificate verification when downloading from GitHub (ssl.CERT_NONE), which weakens transport security and could enable man-in-the-middle manipulation of the downloaded source.
Install Mechanism
No install spec (instruction-only skill) — low friction. However, the runtime code performs downloads and archive extraction to temporary directories and may install packages via pip/pytest at runtime. Those runtime actions write files and execute code; ensure they run in a confined environment.
Credentials
The skill does not request environment variables, credentials, or config paths. The lack of declared sensitive requirements is appropriate for its purpose. Note: because it downloads and executes third-party code, it should not be run in environments that expose secrets or privileged mounts.
Persistence & Privilege
always is false and the skill is user-invocable; it doesn't request persistent system-level privileges in the manifest. It writes reports and may keep downloaded sources if --keep-source is used; that is expected and limited to its own workspace.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install python-harmony-compatibility-checker
- After installation, invoke the skill by name or use /python-harmony-compatibility-checker
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
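New Features
✅ pytest integration - runs tests with pytest -v and parses the results of individual test functions
✅ Individual test case reports - each test function is reported separately (e.g. test_file.py::test_func)
✅ Windows dependency detection - scans source code for Windows-specific imports
✅ Environment issue identification - distinguishes permission problems from genuine code failures
✅ Dual pass-rate metrics - overall pass rate + effective pass rate
✅ Source retention - the --keep-source flag keeps the downloaded source
✅ Test discovery from installed packages - prefers the tests in the installed site-packages
✅ Report filenames include package info - compatibility_report_<package>-<version>_<timestamp>.json/md
Improvements
✅ Test execution optimization - runs from /tmp, using --import-mode=importlib
✅ Enhanced error classification - better failure categorization (environment vs code vs platform)
✅ Documentation trimmed - SKILL.md reduced from 474 lines to 216 lines
✅ Progress reporting - shows progress every 5 test files
Fixes
✅ find_tests_in_source - recursively finds test directories in the source tree
✅ SSL certificate handling - added an SSL bypass for the HarmonyOS network environment
✅ False-positive fix - excludes standard library modules from Windows detection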
v1.0.0
Initial release of Python HarmonyOS Compatibility Checker.
- Checks Python package compatibility with HarmonyOS by downloading source code, scanning for Windows-specific dependencies, and running official test suites.
- Generates detailed compatibility reports, including summary tables, Markdown reports, JSON outputs, test logs, and preserved source code (optional).
- Detects Windows-specific APIs (e.g., win32api, pywin32, pythoncom) and highlights incompatible packages.
- Presents individual test case results and detailed error analysis—including pass rates and environment issue separation.
- Supports checking multiple packages in parallel, via requirements files, or sequentially for debugging.
- Offers configurable options for parallel workers, source code retention, and custom test reporting.
Frequently Asked Questions
What is Python Package HarmonyOS Compatibility Testing Skill?
Check Python library compatibility with HarmonyOS. Downloads source from GitHub/PyPI, detects Windows-specific dependencies, runs pytest with per-test-case r... It is an AI Agent Skill for Claude Code / OpenClaw, with 414 downloads so far.
How do I install Python Package HarmonyOS Compatibility Testing Skill?
Run "/install python-harmony-compatibility-checker" in the OpenClaw or Claude Code chat to install it in one step; no extra setup is required.
Is Python Package HarmonyOS Compatibility Testing Skill free?
Yes, Python Package HarmonyOS Compatibility Testing Skill is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Python Package HarmonyOS Compatibility Testing Skill support?
Python Package HarmonyOS Compatibility Testing Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Python Package HarmonyOS Compatibility Testing Skill?
It is built and maintained by terry.King (@terryking1992); the current version is v1.0.1.