Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Report Creator
v1.8.3Use when the user wants to CREATE or GENERATE a report, business summary, data dashboard, or research doc — 报告/数据看板/商业报告/研究文档/KPI仪表盘. Handles Chinese and Eng...
⭐ 0· 134·0 current·0 all-time
byKaiser@kaisersong
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name, description, and files align with a report-generation skill: many HTML templates, themes, examples, IR format, and an export script. There are no required env vars, binaries, or unrelated cloud credentials. The presence of templates, examples, and a screenshot/export helper is proportionate to the stated purpose.
Instruction Scope
SKILL.md instructs the agent to read IR files, templates, custom templates, theme CSS, and optionally fetch content from URLs — all expected for a report generator. However a pre-scan detected unicode-control-chars inside SKILL.md (prompt-injection pattern). That could be used to hide or manipulate instructions when the skill file is loaded into an LLM context. Also the skill will invoke a local Python script (scripts/export-image.py) when --export-image is used; that script will be executed in the user's environment (it may require installing Playwright). Inspect SKILL.md and scripts/export-image.py for hidden/obfuscated instructions and any network calls before use.
Install Mechanism
There is no install spec — the skill is instruction-only and ships assets/templates in the repo. This is low risk compared with remote install/downloads. The only executable action described is calling a local Python script to export images; no external archive downloads or obscure install URLs are present in the provided metadata.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The runtime instructions do not request secrets. The only notable external interaction is optional URL fetching (when --from <URL>), which is consistent with a generator that can fetch page content.
Persistence & Privilege
Flags show normal invocation (always: false, user-invocable true). The skill does not request permanent presence or elevated platform privileges and does not declare behavior that modifies other skills or global agent configuration.
Scan Findings in Context
[unicode-control-chars] unexpected: The pre-scan found unicode control characters embedded in SKILL.md. Control characters (e.g., bidi overrides, zero-width spaces) can be used to hide or obfuscate text and have been used in prompt‑injection attacks. They are not expected for a normal skill manifest and should be inspected in the raw file (byte-level) before trusting the skill.
What to consider before installing
What to check before installing or running this skill:
1) Inspect SKILL.md raw bytes for hidden characters: open the file in a hex/byte viewer or an editor that can show invisible characters. Look for bidi (U+202E/U+202A), zero-width spaces, or other control chars and remove them before use.
2) Review scripts/export-image.py before running: this file will be executed by the local Python interpreter when you use --export-image and may call Playwright or perform network IO. Verify it doesn't phone home, execute arbitrary shell commands, or write unexpected files. Run it only in a sandbox if uncertain.
3) When using --from <URL>, remember the skill may fetch remote pages: avoid passing sensitive internal URLs and prefer local files when possible. Confirm network behavior in the skill docs or script code.
4) Because the source is "unknown" and no homepage is provided, prefer to install from a trusted source (official repo) or run locally from a checked-out copy rather than a one-line installer. Check commit history or publisher identity if possible.
5) If you lack the ability to audit the files, run the skill in an isolated environment (container or VM) and do not enable export-image until you validate the export script.
Overall: functionally coherent with its description, but the prompt-injection signal and the presence of an executable export helper justify extra caution and code review before use.Like a lobster shell, security has layers — review code before you run it.
latestvk97194x8kepdm315b5q1150ap1846gaa
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📊 Clawdis