report-writing-skills
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could believe the final analysis is based on freshly authenticated downloads when it may be based on hard-coded or placeholder information.
The script reports successful authentication and workflow progress while explicitly using a simulated, non-interactive path and saving metadata-only placeholders rather than downloaded PDFs.
# Simulate workflow with hard-coded requirements (non-interactive) ... print("✅ 网站认证登录成功") ... f.write(f"Status: Metadata only (PDF download requires authentication)\n")Do not rely on generated reports without verifying the source documents were actually downloaded and reviewed; the maintainer should clearly label demo/simulation code or replace it with real, user-confirmed collection logic.
The agent may ask for or use your research-site account credentials during the workflow.
The skill is expected to use user-provided login credentials for a research website, which is aligned with its stated report-download purpose but still grants delegated account access.
1. **网站认证** - 使用提供的凭据登录研究网站
Use only credentials for the intended research site, avoid sharing broader account access, and prefer a limited or disposable account if available.
The agent may browse a site, trigger downloads, and create report files on your machine.
The workflow automates external website interaction, downloads, and local file writes; these are expected for report collection but are still actions the user should confirm.
点击下载按钮或访问下载链接 - 将文件保存到指定目录
Confirm the target website, selected reports, and save directory before allowing the workflow to run.
If run in a different environment, the script could fail or import code from an unexpected local path.
A helper script prepends a hard-coded local path for imports instead of using its own package-relative location, creating ambiguity about exactly which local module would be loaded if that path differs from the reviewed files.
sys.path.insert(0, '/root/.openclaw/workspace/skills/report-writing-v1.03/scripts')
Use package-relative imports and verify the installed script directory before executing helper scripts.