Daily Report
v1.0.0Generate daily, weekly, and alert reports tracking leads, outreach, cost, priorities, and issues, saving structured summaries for progress monitoring.
⭐ 5· 4.7k·86 current·92 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The SKILL.md describes daily/morning/eod/weekly reports, memory files, and immediate alerts via Telegram, and recommends using a local model (ollama). However the skill declares no description, no required binaries (e.g., ollama), and no required environment variables (e.g., TELEGRAM_TOKEN) even though the instructions imply external integrations and a local model are needed. Notion and budget/API references are mentioned but no integration credentials or APIs are declared.
Instruction Scope
Runtime instructions instruct saving reports to memory/YYYY-MM-DD.md and to "Trigger immediate Telegram alert" for several events. Those are actionable items that involve writing to disk and sending data externally, but the instructions do not specify how to authenticate or which endpoints to use. This is scope creep relative to a simple templating/reporting skill because it implies network communication and persistent storage without declaring required access.
Install Mechanism
No install spec and no code files are present, so nothing will be downloaded or installed by the skill itself. That lowers install-time risk, but it also means required runtime components (like ollama) must already exist on the host — the skill does not declare those dependencies.
Credentials
The skill requests no environment variables or credentials, yet its instructions clearly require access to external services (Telegram alerts, possibly Notion or other APIs) and to the filesystem for memory storage. This mismatch (no declared TELEGRAM_TOKEN, NOITON creds, or ollama binary) is disproportionate and ambiguous: if you supply credentials later, the skill could use them for exfiltration without a clear, declared purpose.
Persistence & Privilege
always:false and no install steps mean the skill does not request elevated or permanent presence. It will run only when invoked. Note: default platform behavior allows autonomous invocation; here that default is not combined with other high-risk privileges.
What to consider before installing
This skill is instruction-only and doesn't install code, but its runtime instructions expect things that aren't declared: a local model (ollama), the ability to write memory/*.md files, and the ability to send Telegram alerts (which requires a bot token). Before installing or enabling this skill: 1) Do not provide any external API tokens (Telegram, Notion, etc.) unless you trust the skill and can control where alerts go. 2) If you intend to use Telegram alerts, require the skill author to declare required env vars (e.g., TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID) and explain exactly what messages are sent. 3) Ensure ollama (or the intended model runtime) is intentionally installed and available if you want local model use; otherwise the skill's "local (ollama)" recommendation is meaningless. 4) Consider running the skill in an isolated/limited environment if it will be allowed to write files or send network requests. 5) If you cannot edit the SKILL.md or confirm required dependencies and credentials, treat this skill with caution or avoid installing it. These mismatches are likely sloppy configuration, but they could also result in unintended data transmission if you later supply credentials.Like a lobster shell, security has layers — review code before you run it.
latestvk97c1tv35ydzm0xygkgy6jeegn80ke6r
License
MIT-0
Free to use, modify, and redistribute. No attribution required.