terryking1992

Python Package HarmonyOS Compatibility Testing Skill

Author: terry.King · GitHub · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 414
Favorites: 0
Current installs: 0
Versions: 2
Install in OpenClaw
/install python-harmony-compatibility-checker
Description
Check Python library compatibility with HarmonyOS. Downloads source from GitHub/PyPI, detects Windows-specific dependencies, runs pytest with per-test-case r...
Security usage recommendations
This skill does what it says (downloads package source, scans for Windows imports, runs tests and emits reports) but has two practical security concerns you should consider before installing or running it:
1) TLS bypass: The included script disables TLS certificate verification when downloading from GitHub/PyPI. That is unnecessary in normal environments and makes downloads susceptible to man-in-the-middle tampering. Ask the author to remove disabling of ssl verification (restore default SSL checks) or explain why it is required for your environment.
2) Execution of untrusted code: To assess compatibility the tool downloads packages and runs their test suites. Tests can execute arbitrary Python code (including network access, file operations, or deleting files). Only run this tool in an isolated sandbox (container, VM, or dedicated build runner) that has no access to secrets, credentials, or sensitive mounts. Prefer ephemeral environments; do not run on developer workstations or production hosts.
Other points to verify:
- Resolve the version mismatch between registry metadata (1.0.1) and manifest.json (1.2.0).
- If you need safer operation, request changes: re-enable SSL verification, add optional allowlist of trusted repos/packages, add explicit safeguards (no-network mode, resource/time limits, capability drops), and document exactly which subprocesses (pip, pytest) are invoked.
- Use --keep-source only for manual inspection in a safe place; retained sources may contain malicious code.
If the author provides evidence that TLS is only disabled for a narrow, documented HarmonyOS reason or they add sandboxing/allowlisting, my assessment would move toward benign. Until then, treat this skill as potentially risky but not clearly malicious.
Functional analysis
Type: OpenClaw Skill
Name: python-harmony-compatibility-checker
Version: 1.0.1
The skill bundle is classified as suspicious primarily due to the intentional disabling of SSL certificate verification (ssl.CERT_NONE) in scripts/check_compatibility.py when downloading package source code from GitHub and PyPI. While the tool's core functionality—downloading, installing, and executing third-party code via pip and pytest—is inherently high-risk, it is consistent with the stated purpose of a compatibility checker. However, the lack of transport security is a significant vulnerability that exposes the agent to Man-in-the-Middle (MITM) attacks during the download phase.
Capability assessment
Purpose & Capability
Name/description align with the code and SKILL.md: the script downloads package sources, scans for Windows imports, discovers and runs pytest tests, and writes reports. Small metadata inconsistency: registry metadata lists version 1.0.1 while manifest.json contains version 1.2.0 (minor mismatch that should be resolved). Overall functionality is coherent with the stated purpose.
Instruction Scope
Runtime instructions and the included script instruct the agent to download archives from GitHub/PyPI, extract them, install packages and run pytest test suites. Running tests implies executing untrusted third-party code (package test suites) which can perform arbitrary actions on the host — this is expected for a tester but is high-risk if not sandboxed. Additionally, the script explicitly disables SSL certificate verification when downloading from GitHub (ssl.CERT_NONE), which weakens transport security and could enable man-in-the-middle manipulation of the downloaded source.
Install Mechanism
No install spec (instruction-only skill) — low friction. However, the runtime code performs downloads and archive extraction to temporary directories and may install packages via pip/pytest at runtime. Those runtime actions write files and execute code; ensure they run in a confined environment.
Credentials
The skill does not request environment variables, credentials, or config paths. The lack of declared sensitive requirements is appropriate for its purpose. Note: because it downloads and executes third-party code, it should not be run in environments that expose secrets or privileged mounts.
Persistence & Privilege
always is false and the skill is user-invocable; it doesn't request persistent system-level privileges in the manifest. It writes reports and may keep downloaded sources if --keep-source is used; that is expected and limited to its own workspace.
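How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install python-harmony-compatibility-checker
  3. Once installation completes, invoke the Skill by name or trigger it with /python-harmony-compatibility-checker
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history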
v1.0.1
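New features
✅ pytest integration - runs tests with pytest -v and parses the results of individual test functions
✅ Per-test-case reporting - each test function is reported individually (e.g. test_file.py::test_func)
✅ Windows dependency detection - scans the source for Windows-specific imports
✅ Environment issue identification - distinguishes permission problems from genuine code failures
✅ Dual pass-rate metrics - overall pass rate + effective pass rate
✅ Source retention - the --keep-source flag keeps the downloaded source
✅ Test discovery from installed packages - prefers tests in the installed site-packages
✅ Report filenames include package info - compatibility_report_<package>-<version>_<timestamp>.json/md
Improvements
✅ Test execution optimization - runs from /tmp, using --import-mode=importlib
✅ Enhanced error classification - better failure categorization (environment vs code vs platform)
✅ Documentation trimmed - SKILL.md reduced from 474 lines to 216 lines
✅ Progress reporting - progress is shown every 5 test files
Fixes
✅ find_tests_in_source - recursively finds test directories in the source tree
✅ SSL certificate handling - adds an SSL bypass for the HarmonyOS network environment
✅ False-positive fix - excludes standard-library modules from Windows detection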
v1.0.0
Initial release of Python HarmonyOS Compatibility Checker.
- Checks Python package compatibility with HarmonyOS by downloading source code, scanning for Windows-specific dependencies, and running official test suites.
- Generates detailed compatibility reports, including summary tables, Markdown reports, JSON outputs, test logs, and preserved source code (optional).
- Detects Windows-specific APIs (e.g., win32api, pywin32, pythoncom) and highlights incompatible packages.
- Presents individual test case results and detailed error analysis—including pass rates and environment issue separation.
- Supports checking multiple packages in parallel, via requirements files, or sequentially for debugging.
- Offers configurable options for parallel workers, source code retention, and custom test reporting.
Metadata
Slug python-harmony-compatibility-checker
Version 1.0.1
License MIT-0
Total installs 0
Current installs 0
Number of versions 2
FAQ

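What is the Python Package HarmonyOS Compatibility Testing Skill?

Check Python library compatibility with HarmonyOS. Downloads source from GitHub/PyPI, detects Windows-specific dependencies, runs pytest with per-test-case r... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 414 total downloads to date.

How do I install the Python Package HarmonyOS Compatibility Testing Skill?

Run the command "/install python-harmony-compatibility-checker" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.

Is the Python Package HarmonyOS Compatibility Testing Skill free?

Yes, the Python Package HarmonyOS Compatibility Testing Skill is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does the Python Package HarmonyOS Compatibility Testing Skill support?

The Python Package HarmonyOS Compatibility Testing Skill runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed the Python Package HarmonyOS Compatibility Testing Skill?

It is developed and maintained by terry.King (@terryking1992); the current version is v1.0.1.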
