Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

自动周报助手 (Automatic Weekly Report Assistant)

v1.0.0

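A tool that compiles weekly reports automatically. It aggregates work items from multiple data sources (GitHub, Feishu docs, calendar) and generates a Markdown weekly report. It supports saving history, AI summaries, PDF/HTML export, sending email, and writing to Feishu docs. Intended for users who need to summarize their work on a regular basis.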

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for carson1012/weekly-report-ai.

Install the skill "自动周报助手" (carson1012/weekly-report-ai) from ClawHub.
Skill page: https://clawhub.ai/carson1012/weekly-report-ai
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install weekly-report-ai

ClawHub CLI

npx clawhub@latest install weekly-report-ai

Security Scan

VirusTotal: Suspicious
OpenClaw: Benign (high confidence)

Purpose & Capability
The skill's name/description match the included scripts: GitHub, Feishu, calendar fetching, report generation, PDF/HTML export, email sending, and local history management. However, the registry metadata declares no required environment variables/credentials while the SKILL.md and the scripts clearly require secrets (GitHub token, Feishu token, SMTP credentials or Google credentials file). That mismatch is an inconsistency (likely metadata omission) but not evidence of malicious behavior.
Instruction Scope
Runtime instructions and scripts operate within the expected scope: they call GitHub/Feishu/calendar APIs and write reports to ~/.weekly-report/history/. They do not call unknown external endpoints. A notable operational detail: the SKILL.md and sample commands suggest passing tokens/passwords on the command line, which can leak to shell history and process listings; the Google calendar path expects a local credentials file. Also check the code quality issues (e.g., a couple of datetime.timedelta references that will raise errors) before automated scheduling.
Install Mechanism
This is an instruction-only skill with bundled scripts and no install spec that downloads remote code. No external installers or unpacking from arbitrary URLs are used, so installation risk is low. The code imports external Python packages (requests, PyGithub, googleapiclient), so you must ensure a safe runtime environment with those dependencies.
Credentials
Although the registry metadata lists no required environment variables, the scripts require sensitive credentials (GitHub personal access token, Feishu access token, Google credentials file, SMTP username/password). Those credentials are reasonable for the described integrations, but the metadata omission is misleading. Also, passing sensitive secrets on command line arguments (examples in SKILL.md) can expose them via process listings or shell history — a privacy risk to consider.
Persistence & Privilege
The skill writes report files and metadata into its own user-scoped directory (~/.weekly-report/history/) which is appropriate for its purpose. It does not request always:true, does not modify other skills, and does not attempt to change system-wide agent settings.
Assessment
This skill appears to do what it claims, but review these before installing/using: 1) Credentials: the scripts require GitHub/Feishu/SMTP/Google credentials even though the registry metadata lists none — supply tokens securely (prefer environment variables or a secrets store, not raw CLI args) and avoid embedding passwords in shell history. 2) Local storage: reports and metadata are saved under ~/.weekly-report/history/ — check permissions and clean sensitive contents if needed. 3) Dependencies: ensure Python packages (requests, PyGithub, googleapiclient) and optional tools (pandoc, xelatex) are installed in a controlled environment. 4) Bugs: there are minor code bugs (incorrect datetime.timedelta usage in history_manager) you may want to fix before automated runs. 5) Least privilege: create and use scoped API tokens (short-lived or limited-permission tokens) and revoke them if you stop using the skill. If you want, I can point out exact lines to change for safer credential handling or help produce hardened example usage (env var approach, prompting for secrets, file-permissions).

Like a lobster shell, security has layers — review code before you run it.

latestvk9776p109hzpg4fr6ctd0jc5vn838xcm
115 downloads
0 stars
1 version
Updated 1mo ago
v1.0.0
MIT-0

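Weekly Report - Automatic Weekly Report Generation

Overview

Automatically aggregates a week's work from multiple data sources and generates a structured Markdown weekly report, with several output options.

Supported data sources

1. GitHub / GitLab

  • Content fetched: commits, PRs, issues
  • Configuration: the user provides the repository address and an access token

2. Feishu docs / knowledge base

  • Content fetched: updates in the specified documents or knowledge base
  • Configuration: the user provides a document link or knowledge base ID

3. Calendar events

  • Content fetched: Google Calendar / Feishu calendar
  • Configuration: the user authorizes calendar access

4. Manual input

  • The user adds work items in the conversation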

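Output features

1. Markdown weekly report

Generates a report in a standard format containing:

  • Weekly overview (number of commits, PRs, and meetings)
  • GitHub contributions (PR details plus commit log)
  • Document updates
  • Meeting notes
  • Additional notes
  • Plan for next week

2. History

  • Saved automatically to ~/.weekly-report/history/
  • Past weekly reports can be queried
  • View or delete history by week

3. Export

  • HTML: generates a styled web page
  • PDF: exported with pandoc (pandoc must be installed)

4. Email

  • Supports SMTP (QQ Mail, NetEase Mail, etc.)
  • Content is converted to HTML automatically

5. Feishu docs

  • Creates a Feishu document automatically
  • Supports appending to an existing document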

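Usage

Manual trigger

Runs when the user says "生成周报" ("generate the weekly report") or "整理本周工作" ("summarize this week's work").

Scheduled run

Configure a cron job to run automatically every Friday afternoon.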

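Scripts

| Script | Function |
|---|---|
| generate_report.py | Generates the Markdown weekly report |
| github_fetcher.py | Fetches GitHub data |
| feishu_fetcher.py | Fetches Feishu documents |
| calendar_fetcher.py | Fetches calendar events |
| feishu_writer.py | Writes to Feishu docs |
| email_sender.py | Sends email |
| export_pdf.py | Exports PDF/HTML |
| history_manager.py | Manages weekly report history |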

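Configuration

| Setting | Description | Required |
|---|---|---|
| github_token | GitHub access token | |
| github_repos | List of repositories to monitor | |
| feishu_token | Feishu access token | |
| feishu_docs | Documents/knowledge bases to monitor | |
| smtp_host | SMTP server | |
| smtp_port | SMTP port | |
| smtp_username | Email account | |
| smtp_password | Email authorization code | |
| user_name | User's name | |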

Example commands

# Generate the weekly report
python3 generate_report.py --user "张三" --github data.json --manual "本周工作..."

# Fetch GitHub data
python3 github_fetcher.py --token "$GITHUB_TOKEN" --repos "user/repo" --since "2026-03-16" --until "2026-03-22"

# Send email
python3 email_sender.py --smtp-host smtp.qq.com --smtp-port 465 --username "user@qq.com" --password "xxx" --to "boss@company.com" --subject "第12周周报" --content "$MARKDOWN" --html

# Write to Feishu
python3 feishu_writer.py --token "$FEISHU_TOKEN" --title "第12周周报" --content "$MARKDOWN"

# Export PDF
python3 export_pdf.py --input report.md --output report.pdf --format pdf

# Save to history
python3 history_manager.py --action save --week-start "2026-03-16" --week-end "2026-03-22" --content "$MARKDOWN"

# View history
python3 history_manager.py --action list --limit 5
