client-report-generator
v1.0.0Generate professional client-facing reports from raw data, metrics, and KPIs. Supports analytics summaries, project status reports, monthly/weekly performanc...
⭐ 0· 14·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the included assets: two Python scripts implement data parsing and markdown→HTML conversion, templates and instructions cover expected report types. No unexpected env vars, binaries, or remote services are required.
Instruction Scope
SKILL.md stays focused on ingest→analyze→template→generate. It does instruct the agent that URLs may be accepted and to 'Use `web_fetch` to extract visible data' when given dashboard/analytics URLs — this is reasonable for a report tool but implies the agent will fetch remote pages if the user supplies URLs, so users should avoid giving sensitive dashboard links. The instructions also tell the agent to read local files provided as inputs (CSV/JSON), which is expected.
Install Mechanism
There is no install spec — the skill is instruction-only with included Python scripts. No downloads from remote or package installs are present.
Credentials
The skill declares no required environment variables, credentials, or config paths. The code does not reference external secrets or unrelated services.
Persistence & Privilege
always is false and the skill does not request persistent/always-on presence or modify other skills. It is user-invocable and can be called autonomously by agents (platform default), which is normal.
Assessment
This skill appears to do what it says: it reads user-provided CSV/TSV/JSON files or (if you supply a URL) fetches visible data from web pages, then produces markdown and optional HTML. Before installing or using it, consider: 1) Only provide non-sensitive files or dashboards (the SKILL.md allows web_fetch for URLs). 2) The scripts run locally with Python and will read any input file path you give them — don't point it at system files or secrets. 3) The HTML converter uses simple regex-based markdown handling and does not comprehensively sanitize arbitrary HTML in inputs (avoid feeding untrusted HTML-marked content if you care about XSS-like issues). 4) There are no requested credentials or external installs. If you want extra assurance, review or run the two scripts on sample data in a sandboxed environment before using them with real client data.Like a lobster shell, security has layers — review code before you run it.
latestvk97b8kh5vg66yw2jyhm0bpen7h84j331
License
MIT-0
Free to use, modify, and redistribute. No attribution required.