ClawHub
Back to skill
v1.0.0

ai-report

BenignClawScan verdict for this skill. Analyzed May 3, 2026, 12:29 AM.

Analysis

This instruction-only report generator is purpose-aligned, but it may read daily memory files and save persistent reports, so users should review what information gets included.

GuidanceThis skill appears safe and coherent for generating work reports. Before enabling automatic generation, check what is stored in your daily memory files and remember that reports saved under ~/.openclaw/reports/ may contain private project details, decisions, or follow-up tasks.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Rogue Agents
SeverityInfoConfidenceMediumStatusNote
SKILL.md
每次会话结束自动整理,生成结构化的工作汇报。 ... 会话结束时自动生成日报(可配置开关)。

The skill describes automatic session-end report generation. This is disclosed and purpose-aligned, but users should understand whether automatic generation is enabled in their environment.

User impactIf automatic generation is enabled, the agent may create report files after conversations without a separate manual command each time.
RecommendationKeep automatic generation disabled unless desired, and periodically review the report directory for content you do not want retained.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
SKILL.md
扫描当日日记 memory/YYYY-MM-DD.md ... 生成结构化报告 ... 自动归档到 reports/YYYY-MM-DD.md

The skill reads persistent daily memory/journal content and turns it into a saved report. This is expected for the stated purpose, but the resulting report may preserve sensitive conversation or work details.

User impactPrivate tasks, decisions, or discussion details from memory files could be summarized into persistent report files.
RecommendationReview generated reports before sharing them, avoid storing secrets in daily memory files, and delete or redact reports that contain sensitive information.