Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Daily Report Writer
v1.0.0
Generates a daily report Markdown draft from the input and writes it to the reports directory
⭐ 0 · 1.1k · 16 current · 17 all-time
by @joifg
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description and runtime instructions align: the skill only needs to generate content and read/create a file under reports/{{date}}-daily-report.md. There are no unrelated env vars, binaries, or installs.
Instruction Scope
Instructions are narrowly scoped to validating inputs, creating/reading reports/{{date}}-daily-report.md, writing a fixed template, and returning a status. One operational note: the SKILL.md does not specify input sanitization beyond date format; ensure the agent enforces the YYYY-MM-DD constraint and prevents path traversal or use of absolute paths so the file write stays confined to the intended workspace.
Install Mechanism
No install spec or code is present (instruction-only), so nothing is downloaded or written to disk outside the expected report file.
Credentials
No environment variables, credentials, or config paths are requested; this is proportionate to the stated purpose.
Persistence & Privilege
The skill is not forced-always (always: false). It can be invoked autonomously (normal default) and writes only its own report file per instructions. No indication it modifies other skills or global agent configs.
Assessment
This skill appears coherent, but take these practical precautions before enabling it:
1) Confirm the agent enforces strict validation of the date input (YYYY-MM-DD) to avoid path-traversal or injection into the file path.
2) Verify the path is interpreted as a relative reports/ directory inside the agent workspace (not an absolute or parent path).
3) Decide and document overwrite behavior (should existing reports be replaced, backed up, or rejected?).
4) Ensure the reports directory has appropriate permissions and is isolated from sensitive system locations.
5) Review the report template to avoid accidentally writing or exposing sensitive information.
6) If running in a multi-tenant or production environment, run the skill in a sandboxed workspace with limited write permissions.
If you want a higher-assurance review, provide the actual template the skill will write and the agent runtime path resolution rules so we can check for filename sanitization and exact file locations.
Like a lobster shell, security has layers — review code before you run it.
latest vk973f5m4jb8e3ha621t0tcv2w98240at
Runtime requirements
📝 Clawdis
