Report

Review

Audited by ClawScan on May 10, 2026.

Overview

This instruction-only reporting skill is coherent and disclosed, but scheduled reports may use user-provided API credentials and send report contents to configured external destinations.

This skill appears safe to install if you want scheduled reports. Before enabling reports, use scoped API keys, confirm each delivery destination, prefer local file delivery for sensitive data, and periodically review the ~/report folder and scheduled jobs.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If you configure third-party data sources, the agent may be able to read data available to those API keys.

Why it was flagged

The skill can use user-supplied provider credentials to fetch report data, but this is disclosed and aligned with the reporting purpose.

Skill content

User provides API keys if external data needed ... Config references env var name, never the value.

Recommendation

Use dedicated, least-privilege or read-only API keys where possible, and avoid putting secret values directly into report config files.

What this means

Reports may contain business, financial, or personal data and can be sent to external services if you configure those channels.

Why it was flagged

The skill clearly discloses that configured delivery channels can transmit generated report content outside the local device.

Skill content

External delivery (Telegram/webhook/email) sends report content off-device.
- User explicitly configures each channel

Recommendation

Verify recipients, chat IDs, webhook URLs, and email settings before enabling scheduled delivery; use local file delivery for sensitive reports.

What this means

A report can continue generating and delivering on its schedule until paused or removed.

Why it was flagged

The skill documents recurring scheduled agent turns, which are persistent autonomous activity but are central to the stated recurring-report purpose.

Skill content

cron action=add job={ ... "payload": { "kind": "agentTurn", "message": "Generate {report-name} report and deliver via {channel}" }, "sessionTarget": "isolated" }

Recommendation

Review scheduled jobs periodically, pause reports you no longer need, and confirm each schedule before enabling it.

What this means

Local report history and preferences may persist over time and influence future reports.

Why it was flagged

The skill stores persistent local preferences and historical report data that may be reused for future report generation.

Skill content

~/report/
├── memory.md # Index + preferences
...
├── data.jsonl # Historical data

Recommendation

Keep sensitive report data out of configs when possible, inspect ~/report periodically, and delete old report data you no longer want retained.