CPMO 日报自动化
ReviewAudited by ClawScan on May 10, 2026.
Overview
The workflow is coherent, but it repeatedly reads private local work data and can automatically sync it to a hard-coded Feishu table, so it needs careful review before use.
Install only if you are the intended user or organization, recognize the Apple Notes folder/note, calendars, reminder lists, local paths, and Feishu base/table, and are comfortable with scheduled daily reads and Feishu writes. Make the Feishu destination configurable, narrow the local queries, and review the first few generated reports before allowing automatic sync.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your local work notes, calendar-derived schedule, reminders, and summaries could be written to a Feishu table that may not belong to you.
The skill directs generated work-report data to a specific hard-coded Feishu base/table and names a specific submitter, rather than requiring the installing user to configure their own destination.
飞书表格 - 日报归档 ... URL: https://my.feishu.cn/base/ZhrMb0hAMa4A3IsvyZPcw7Gbn8d ... App Token ... Table ID ... 日报提交人:张洋
Only use this if you recognize and control the Feishu base/table. Make the Feishu destination, submitter, and credentials explicit user configuration, and require confirmation before first write.
Sensitive project notes, calendars, reminders, risks, and pending items may enter the agent context and be reused in generated reports.
The skill repeatedly pulls private local work context into the agent before generating reports and syncing summaries externally.
每次汇报前必须重新读取所有数据源 ... Apple Notes 工作日志 ... macOS Calendar 日程 ... 提醒事项 ... 本地台账
Limit the allowed note, calendars, reminder lists, and local files; exclude personal/private entries; and review generated content before external sync.
The agent may see more local schedule or reminder data than is strictly needed for a single daily report.
The documented commands use local automation and CLI access to retrieve calendar and reminder data, including broad queries that are filtered afterward.
osascript -e 'tell application "Calendar" to get {summary, start date} of every event of calendar "张洋的日历 "' ... remindctl show --jsonPrefer date- and list-filtered commands before exposing data to the agent, and grant macOS automation permissions only after reviewing the exact commands.
If the cron setup is enabled, the skill may continue reading and syncing work data every day.
The skill includes scheduled agent turns for morning and evening reports, meaning it is designed for recurring autonomous operation.
"schedule": {"kind": "cron", "expr": "0 8 * * *" ...} ... "expr": "30 17 * * *"Enable the schedules only intentionally, document how to disable them, and consider requiring approval before external messages or table writes.
A user may not realize from metadata alone that the skill needs local app automation and Feishu access.
The registry metadata does not declare provenance, helper requirements, or Feishu/macOS access needs, even though the SKILL.md instructions depend on them.
Source: unknown; Homepage: none; Required binaries ... none; Required env vars: none
Declare required tools, credentials, platform assumptions, and the intended Feishu workspace in metadata before publication.