Moltbook Weekly Report
v1.0.0自动生成周报并写入企业微信文档。支持数据汇总、Markdown报告生成、一键发布,适合项目周报、团队同步、数据报告场景。
⭐ 0· 86·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (generate weekly reports and publish to 企业微信) align with the included Python scripts. The scripts produce Markdown, read local data sources, save to /tmp, and output commands to publish via the wecom_mcp MCP tool — which is coherent with the skill purpose.
Instruction Scope
SKILL.md and scripts claim '一键发布' but the implementation only prints/illustrates wecom_mcp commands and prompts manual steps (it does not directly perform network calls or automatically invoke the MCP unless run in an OpenClaw environment that executes those commands). The code reads local files (/tmp/v35_migration_config.json and /tmp/price_monitor_db.json) to aggregate data — this is in-scope for report generation but may touch sensitive local data.
Install Mechanism
No install spec or external downloads; this is an instruction-plus-scripts skill. No archived or remote install behavior was found, so nothing arbitrary will be fetched or written to disk by an installer.
Credentials
The skill requires no declared environment variables or credentials. However, it assumes availability of the wecom_mcp MCP tool (which, when used, will rely on platform credentials/config). The scripts read local /tmp JSON files — if those files contain secrets or sensitive data, the generated report may include them. No unrelated external credentials are requested by the skill itself.
Persistence & Privilege
always is false; the skill does not modify other skills or global agent configuration. It writes temporary files under /tmp (report files) and prints commands; it does not persist an agent-level credential or enable itself automatically.
Assessment
This skill appears to do what it says, but check before running: 1) Inspect /tmp/v35_migration_config.json and /tmp/price_monitor_db.json (or any local data it will read) to ensure they don't contain sensitive credentials or PII you don't want included in a report. 2) Understand that 'one-click publish' is optimistic — the scripts print wecom_mcp commands and expect you to run them in an OpenClaw environment with the wecom plugin (and that environment will need valid WeCom credentials). 3) If you want to avoid accidental publishing, run with --output to generate a local report first and review it before attempting publish steps. 4) Only run the MCP commands if you trust the OpenClaw/wecom_mcp environment and have reviewed/approved the script contents.Like a lobster shell, security has layers — review code before you run it.
latestvk970b4yt1hp4b38d6f53zj53q183n6m3
License
MIT-0
Free to use, modify, and redistribute. No attribution required.