report-writing-skills
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is meant to collect research reports, but some included scripts appear to simulate authenticated downloads and generate hard-coded results, so users should review it before relying on its reports.
Use this skill cautiously: verify that it really logs in, searches, and downloads the intended reports before trusting the generated analysis, and provide only credentials for the specific research site you intend to use.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could believe the final analysis is based on freshly authenticated downloads when it may be based on hard-coded or placeholder information.
The script reports successful authentication and workflow progress while explicitly using a simulated, non-interactive path and saving metadata-only placeholders rather than downloaded PDFs.
# Simulate workflow with hard-coded requirements (non-interactive) ... print("✅ 网站认证登录成功") ... f.write(f"Status: Metadata only (PDF download requires authentication)\n")Do not rely on generated reports without verifying the source documents were actually downloaded and reviewed; the maintainer should clearly label demo/simulation code or replace it with real, user-confirmed collection logic.
The agent may ask for or use your research-site account credentials during the workflow.
The skill is expected to use user-provided login credentials for a research website, which is aligned with its stated report-download purpose but still grants delegated account access.
1. **网站认证** - 使用提供的凭据登录研究网站
Use only credentials for the intended research site, avoid sharing broader account access, and prefer a limited or disposable account if available.
The agent may browse a site, trigger downloads, and create report files on your machine.
The workflow automates external website interaction, downloads, and local file writes; these are expected for report collection but are still actions the user should confirm.
点击下载按钮或访问下载链接 - 将文件保存到指定目录
Confirm the target website, selected reports, and save directory before allowing the workflow to run.
If run in a different environment, the script could fail or import code from an unexpected local path.
A helper script prepends a hard-coded local path for imports instead of using its own package-relative location, creating ambiguity about exactly which local module would be loaded if that path differs from the reviewed files.
sys.path.insert(0, '/root/.openclaw/workspace/skills/report-writing-v1.03/scripts')
Use package-relative imports and verify the installed script directory before executing helper scripts.