ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Biz Reporter

Automated business intelligence reports pulling data from Google Analytics GA4, Google Search Console, Stripe revenue, social media metrics (Twitter/X, Linke...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 865 · 8 current installs · 8 all-time installs
byArik Tulchinsky@ariktulcha
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The SKILL.md explicitly describes integration with GA4, Search Console, Stripe, PayPal, Twitter/X, LinkedIn, Instagram, HubSpot, Airtable, Google Sheets, Notion, Slack, and email delivery. Yet the registry metadata lists no required environment variables, no primary credential, and no required binaries. Real integrations with these services normally require API keys, OAuth client IDs/secrets, webhooks, or CLI tools. The absence of declared credentials or tools is inconsistent with the claimed functionality.
!
Instruction Scope
The instructions permit accessing data via 'gog' tool, browser automation, CLI tools, API calls, and arbitrary custom API endpoints and CSV/spreadsheet files. That scope implicitly requires handling user credentials, accessing external networks, and potentially reading uploaded files. The SKILL.md gives broad discretion (scheduling via cron, delivering via multiple channels, parsing custom APIs) which could permit pulling or sending sensitive data; the runtime instructions as provided do not restrict or document how credentials or exported reports are handled.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. That lowers the disk-write/execution risk because nothing is automatically downloaded or installed by the registry. However, the skill's instructions reference external tools and browser automation that, if invoked by the agent environment, could require additional software not declared here.
!
Credentials
Although the skill will need multiple service credentials to function (GA4, Search Console, Stripe, social APIs, HubSpot, Airtable, Slack/Notion/email delivery), the package declares none. This mismatch means the skill either expects interactive input of secrets at runtime or the author omitted declaring required env vars. Either way, the skill's credential needs are not transparent or constrained, which increases risk of accidental credential exposure or over-permissioned tokens.
Persistence & Privilege
The skill is not marked always:true and is user-invocable (defaults). It does not request persistent installation or modify other skills according to the provided metadata. That limits automatic/always-on privilege. Still, because it can be invoked autonomously by the agent (disable-model-invocation is false by default), combining that with broad, undeclared credential access would increase risk — but autonomous invocation alone is not a problem here.
What to consider before installing
Do not install or grant access yet. Ask the publisher for: (1) a complete list of exact credentials/permissions the skill needs (OAuth scopes, API keys, webhook URLs), (2) how credentials are supplied, stored, and rotated (are tokens stored locally, in agent config, or sent to a remote server?), (3) which binaries or browser automation tools it will call (e.g., headless Chrome, puppeteer), and (4) precise delivery endpoints used for Slack/Notion/email. Prefer least-privilege, read-only API keys or service accounts and short-lived tokens. If the skill will be run, test first with non-production, limited-permission credentials and with sanitized/sample data. If the author cannot or will not provide these details or source code, treat the skill as untrusted.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk974a5myps4k3qvrt7fvcmsvyn817d7n

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📊 Clawdis

SKILL.md

Biz Reporter

Business intelligence that writes itself. Pull data from multiple sources, spot trends, and generate beautiful reports — on demand or on schedule.

Why This Exists

Data & Analytics has only 18 skills out of 3,286 on ClawHub — the most underserved category by far. Yet automated reporting is called "the most universally loved automation" in the OpenClaw community. Every business needs it, nobody has built it properly.

How It Works

Biz Reporter connects to the user's business tools, pulls key metrics, applies trend analysis, and generates a formatted report. It works with whatever tools the user has — from a solo founder with just Google Analytics to a team with a full data stack.

Supported Data Sources

Web Analytics

  • Google Analytics (GA4): sessions, users, pageviews, bounce rate, top pages, traffic sources
  • Google Search Console: impressions, clicks, CTR, average position, top queries
  • Access via gog tool, browser automation, or API calls

Revenue & Payments

  • Stripe: MRR, revenue, new customers, churn, top products
  • PayPal: transaction summaries
  • Access via CLI tools or API calls with stored credentials

Social Media

  • Twitter/X: followers, engagement, top posts
  • LinkedIn: page views, post engagement, follower growth
  • Instagram: reach, engagement, follower count
  • Access via APIs or browser automation

CRM & Sales

  • HubSpot: leads, pipeline value, deals closed, contact growth
  • Airtable: custom database metrics
  • Access via API with stored keys

Custom Sources

  • Any API: the user can specify custom API endpoints to pull data from
  • CSV files: if the user dumps data as CSV, parse and include it
  • Spreadsheets: Google Sheets via API

Report Types

Daily KPI Snapshot

Quick pulse check — 2-3 minutes to generate, meant for morning review.

📊 Daily KPI Snapshot — [Date]

🌐 Website: [sessions] sessions ([+/-]% vs yesterday)
   Top page: [page] ([views] views)
   
💰 Revenue: $[amount] ([+/-]% vs yesterday)
   New customers: [count]
   
📱 Social: [total engagement] across platforms
   Best post: [platform] — [description] ([engagement])

⚡ Quick take: [One sentence AI analysis of the day]

Weekly Marketing Report

Comprehensive marketing performance overview.

📈 Weekly Marketing Report — [Date Range]

EXECUTIVE SUMMARY
[2-3 sentence overview: what went well, what needs attention, key number]

WEBSITE PERFORMANCE
• Sessions: [number] ([%] vs last week)
• Unique visitors: [number]
• Top traffic sources: [source 1] ([%]), [source 2] ([%]), [source 3] ([%])
• Top 5 pages by traffic:
  1. [page] — [views] views
  2. ...
• Bounce rate: [%] ([trend])

SEARCH PERFORMANCE
• Impressions: [number] ([%] change)
• Clicks: [number] ([%] change)
• Average CTR: [%]
• Average position: [number]
• Top gaining queries: [query] (+[positions])
• Top losing queries: [query] (-[positions])

SOCIAL MEDIA
• Total followers: [number] (net +[growth])
• Total engagement: [number]
• Best performing post: [description]
• Platform breakdown:
  - Twitter/X: [followers], [engagement]
  - LinkedIn: [followers], [engagement]

REVENUE (if available)
• Total revenue: $[amount] ([%] vs last week)
• New customers: [count]
• Churn: [count] ([%])
• MRR: $[amount]

TRENDS & INSIGHTS
• [AI-generated insight about notable trends]
• [Comparison to historical averages]
• [Actionable recommendation]

NEXT WEEK FOCUS
• [Suggested action based on data]

Monthly Business Review

Deep analysis with historical comparisons and strategic recommendations.

Follow the weekly format but expand with:

  • Month-over-month and year-over-year comparisons
  • Cohort analysis for customer retention (if data available)
  • Content performance breakdown (which articles drove traffic)
  • Funnel analysis: visitors → signups → customers (if trackable)
  • Strategic recommendations section with specific actions

Custom Report

If the user asks for something specific, build it:

  • "Show me our top 10 pages by revenue contribution"
  • "Compare this month's social engagement to last month"
  • "What keywords are we losing rankings for?"

Trend Detection

Biz Reporter doesn't just show numbers — it spots patterns:

  1. Week-over-week anomalies: flag metrics that changed more than 20% from the prior week
  2. Declining trends: if a metric has dropped for 3+ consecutive periods, raise it prominently
  3. Correlation hints: "Traffic from Twitter spiked 40% — this correlates with your viral post on [date]"
  4. Seasonal patterns: if historical data shows patterns (e.g., weekend dips), note them instead of alerting
  5. Comparison framing: always show the comparison baseline so numbers have context

Natural Language Queries

Users can ask questions about their data conversationally:

User saysAction
"How's our traffic this week?"Quick web analytics summary with week-over-week comparison
"What's our MRR?"Pull Stripe data, show current MRR with trend
"Which blog posts are getting the most traffic?"Top pages report from GA4
"Are we ranking better or worse this month?"Search Console comparison
"Generate my weekly report"Full weekly marketing report
"How did our launch go?"Pull metrics for a specific date range around the launch
"Show me revenue by month for the last 6 months"Historical revenue chart description

Scheduling Reports

Help users set up recurring reports via cron:

[
  {
    "name": "Daily KPI snapshot",
    "schedule": "0 8 * * 1-5",
    "prompt": "Generate daily KPI snapshot and send to Slack #metrics"
  },
  {
    "name": "Weekly marketing report",
    "schedule": "0 9 * * 1",
    "prompt": "Generate weekly marketing report for last week and send via email"
  },
  {
    "name": "Monthly business review",
    "schedule": "0 10 1 * *",
    "prompt": "Generate monthly business review for last month and post to Notion"
  }
]

Setup & Configuration

On first use:

  1. Discover available tools: check which data sources the user has access to (GA4, Stripe, etc.)
  2. Authenticate: help configure API keys or tool access for each source. Store securely in environment variables, never in SKILL.md or memory.
  3. Baseline: pull initial data to establish benchmarks for future comparisons
  4. Preferences: ask about reporting frequency, delivery channel, and which metrics matter most
  5. Store config: save all preferences in workspace memory

Output Formats

Reports can be delivered as:

  • Chat message: formatted directly in the conversation or messaging channel
  • Markdown file: saved to workspace for archival
  • Notion page: if Notion skill is available
  • Email: via configured email skill
  • Slack/Discord message: for team channels

Edge Cases

  • Partial data: if some sources are unavailable, generate the report with what's available and note what's missing
  • No historical data: on first run, can only show current snapshot. Note that comparisons will be available next period.
  • API rate limits: cache data within a session and batch requests
  • Zero traffic / new site: don't show depressing "0 visitors" — instead focus on setup progress and first wins
  • Multiple properties: if user has multiple websites/products, ask which one or generate combined report
  • Currency: detect user locale and format currency appropriately
  • Privacy: never include individual user data or PII in reports. Aggregate only.

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…