深度技术报告生成器
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill’s report-generation purpose is coherent, but it can automatically publish generated content to IMA and Tencent Docs using local credentials without a clear final approval step.
Use this skill in local-only mode first if possible. Before allowing sync, confirm the exact IMA knowledge base, Tencent Docs destination, document title, and content; make sure the local IMA credentials are intended for this workspace and that the report contains no confidential or unreviewed information.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A report could be uploaded to a team knowledge base or Tencent Docs before the user has reviewed the content, title, destination, or sharing implications.
The skill directs the agent to upload the generated report to IMA and create a Tencent document as part of the normal workflow, but it does not clearly require a final user confirmation before these account-mutating actions.
### Phase 5:自动同步分发 ... 使用 curl PUT 上传文件到 COS ... 调用 add_knowledge 完成入库 ... 使用 `mcp__tencent-docs__create_smartcanvas_by_mdx` 工具
Require an explicit confirmation step before any upload or document creation, show the exact destination, title, and content summary, and provide a dry-run/local-only mode.
Installing users may not realize the skill expects access to local IMA credentials that can create or modify knowledge-base content under their account or workspace.
The workflow reads local IMA account credentials and uses them to authenticate API calls, while the registry metadata declares no primary credential or required config path.
CLIENT_ID=$(cat ~/.config/ima/client_id) API_KEY=$(cat ~/.config/ima/api_key) ... -H "client_id: $CLIENT_ID" \ -H "api_key: $API_KEY"
Declare the credential and config-path requirements in metadata, document the minimum permissions needed, and ask the user before using local credentials for uploads.
The actual safety of upload and document-creation behavior depends partly on separately installed skills or MCP tools.
The skill depends on other skills/tools for synchronization, but those dependencies are not included, pinned, or reviewed in the provided artifacts.
### 必须安装的 Skill - **ima-skills**(或 **腾讯ima**)— 用于上传到 IMA 知识库 ### 可选但推荐的 Skill - **腾讯文档** — 用于同步到腾讯文档
Install only trusted versions of the required integration skills and verify their permissions before enabling automatic sync.
If the generated report contains confidential, inaccurate, or unreviewed material, it may become searchable and reused by others or future workflows.
The generated Markdown is intended to be stored in a knowledge base for indexing and retrieval, creating persistent reusable context.
上传文件使用 **Markdown 版本**(便于知识库索引和检索)
Review the report for confidentiality and accuracy before syncing, and ensure the destination knowledge base has appropriate access controls.