Research Report Generator
ReviewAudited by ClawScan on May 1, 2026.
Overview
This appears to be a coherent report-generation skill, with disclosed but important notes around full-mode experiment execution, optional PDF tooling, and saved report history.
This skill looks safe to install for ordinary report generation. Prefer lite mode unless you intentionally want environment setup or experiment reproduction, use an isolated environment for full mode, and review the workspace memory/log files and any external delivery step if the report concerns private code or research.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using full mode could lead to package installation or experiment commands in the user's environment if the workflow is carried out.
Full mode is explicitly described as installing dependencies and running experiments, which can execute project code and change the local environment. This is purpose-aligned for reproduction work, but it is higher-impact than simple report writing.
### Full Mode - Everything in lite mode + - Conda/virtualenv setup - Dependency installation - Experiment execution
Use lite mode for reading and writing only. For full mode, approve commands explicitly and run them in an isolated conda/virtualenv or disposable workspace.
PDF generation may depend on another installed local skill, so that other skill's behavior affects the final conversion step.
The script will execute a locally installed md2pdf skill if present. This is a disclosed, purpose-aligned PDF conversion dependency, but the invoked script is not part of this skill's provided files.
MD2PDF_SCRIPT="$HOME/.openclaw/skills/md2pdf/scripts/md2pdf.sh" ... bash "$MD2PDF_SCRIPT" "$FINAL_MD" "${FINAL_MD%.md}.pdf"Install or keep md2pdf only from a trusted source, or rely on the direct pandoc fallback if you do not want this skill to call another local skill.
Report topics, file paths, and log locations may remain in the workspace after the task finishes.
The script appends the topic and output paths to a persistent workspace memory file. This is disclosed in SKILL.md and fits the reporting workflow, but it can retain sensitive project names or paths.
cat >> "$MEMORY_FILE" << EOF
## ${TOPIC} Research Report
- **Report:** $FINAL_MD
- **Log:** $LOG_FILEAvoid putting secrets in topic names, choose a suitable workspace, and delete or review the memory and log files if the report involves sensitive work.
If an agent follows this instruction, a generated report that may summarize private local code or research could be sent through Telegram.
The documented workflow mentions delivering the generated PDF over Telegram. No Telegram implementation or credential handling is present in the provided scripts, but the instruction describes an external delivery channel.
### Phase 5: PDF Generation 1. Call md2pdf skill 2. Send to user via Telegram
Confirm the delivery channel before generating reports that include private project information, and request local-only output if external messaging is not desired.