ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Smart Report Generator

v1.0.0

Automatically generate and schedule daily, weekly, or monthly reports with customizable templates and multi-platform IM push support.

0· 246·1 current·1 all-time
by@yang1002378395-cmyk

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for yang1002378395-cmyk/smart-report-generator.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Smart Report Generator" (yang1002378395-cmyk/smart-report-generator) from ClawHub.
Skill page: https://clawhub.ai/yang1002378395-cmyk/smart-report-generator
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install smart-report-generator

ClawHub CLI

Package manager switcher

npx clawhub@latest install smart-report-generator
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill's name/description promise scheduling and multi‑platform push (Feishu/企业微信/钉钉/Slack) but the shipped code only implements Feishu and Dingtalk sending and does not implement scheduling. The code does use an OpenClaw API client (for AI summary), which is consistent with an AI‑assisted report feature, but that credential is not declared in registry metadata or SKILL.md.
!
Instruction Scope
SKILL.md tells the user to pip install 'openclaw lark' and run the script with a config file. It does not mention that the script reads an OPENCLAW_API_KEY environment variable, nor does it list required Python packages used by the code (requests, pyyaml). The SKILL.md claims scheduling and broader platform support that the runtime instructions/code don't implement.
Install Mechanism
There is no formal install spec (instruction‑only with a code file). That is lower risk than arbitrary downloads, but SKILL.md's pip install command is incomplete: required runtime packages (requests, pyyaml) are not mentioned.
!
Credentials
The code reads OPENCLAW_API_KEY from the environment to call an OpenClaw API, but the skill metadata declares no required env vars or primary credential and SKILL.md doesn't instruct the user to set this key. Requiring an API key is reasonable for model calls, but it should be declared and documented. The config expects webhooks (sensitive endpoints) — that is in line with functionality but should be called out.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system settings, and does not require config paths beyond a local config file — no elevated persistence privileges detected.
What to consider before installing
Key things to consider before installing or running: - Undeclared credential: report_bot.py reads OPENCLAW_API_KEY from the environment but the registry and SKILL.md don't mention this. If you run it and set that key, the script will call the OpenClaw API — only provide that key if you trust the service and the skill author. - Missing dependency documentation: SKILL.md tells you to pip install 'openclaw lark' but the script also needs requests and pyyaml (PyYAML). Add/verify these packages before running. - Feature mismatches: The markdown and description claim scheduling and Slack/企业微信 support, but the code does not implement scheduling and only implements Feishu and Dingtalk. Treat those claims as inaccurate until the author fixes them. - Webhook safety: The config requires a webhook URL. Webhooks are sensitive; do not paste production or privileged webhooks without understanding where messages will be sent and who can receive them. - Audit the code and run in a sandbox: The script is short and readable, but you should inspect the code yourself (or run it in an isolated environment) to confirm there are no hidden endpoints or unexpected network calls. Confirm what OpenClaw account the API key will be billed to and what data is sent to the API (weekly summary prompt includes full task list). - What would change this assessment: if the author updates registry metadata to declare OPENCLAW_API_KEY as a required credential, updates SKILL.md to list all Python dependencies and clearly documents supported platforms and scheduling behavior (or implements these features), then the inconsistencies would be resolved and confidence would increase.

Like a lobster shell, security has layers — review code before you run it.

latestvk97atkx3t7jb47qxy1h3t95qzh833w2j
246downloads
0stars
1versions
Updated 3h ago
v1.0.0
MIT-0
@yang1002378395-cmyk
latest
Download

Smart Report Generator | 智能报告生成器

AI 自动生成日报/周报/月报,支持飞书/企业微信/钉钉/Slack 多平台推送

🎯 适用场景

  • 员工每天花 30 分钟写日报
  • 管理者需要团队周报汇总
  • 项目进度自动更新
  • 定时推送到 IM 平台

📦 包含内容

  1. 日报生成器 - 根据任务自动生成
  2. 周报/月报汇总 - 多人数据聚合
  3. 多平台推送 - 飞书/企微/钉钉/Slack
  4. 模板定制 - 自定义报告格式

🚀 快速开始

安装

pip install openclaw lark

配置

# config.yaml
platform: feishu
webhook: https://open.feishu.cn/open-apis/bot/v2/hook/xxx
schedule: "18:00"  # 每天下午 6 点推送
template: |
  ## 📅 {date} 日报
  ### ✅ 今日完成
  {completed_tasks}
  ### 📋 明日计划
  {planned_tasks}
  ### 🚧 阻塞问题
  {blockers}

运行

python report_bot.py --config config.yaml

💰 定价

版本价格功能
个人版¥29日报生成 + 本地存储
团队版¥99多人汇总 + 多平台推送
企业版¥299私有部署 + 自定义模板

🔧 技术支持

作者:OpenClaw 中文社区 版本:1.0.0

Comments

Loading comments...