ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

YTLong Daily Report

v1.0.0

Automatically generate daily/weekly work reports from git commits, calendar events, and task lists. Use when you need to quickly create professional work rep...

0· 327·0 current·0 all-time
by@1989tianlong
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
SKILL.md and the description claim aggregation from git, calendar, and task managers (Google/Apple/Apple Reminders). The shipped index.js implements only git commit collection and report generation; there is no calendar or task integration code. This is a clear mismatch between claimed capabilities and actual implementation.
!
Instruction Scope
Runtime instructions tell the user to run node index.js and create .reportrc.json. The program reads .reportrc.json and executes shell commands via execSync: it constructs a command string containing the configured repo path and runs cd "<repo>" && git log ... via the shell. Because repo paths are interpolated into a shell string, a malicious or malformed repo entry in .reportrc.json can cause shell command injection. The script also writes report files to the current working directory (report-<since>.md).
Install Mechanism
No install spec is provided (instruction-only skill plus included Node files). package.json is present but there are no external dependencies and installation is standard npm install. Nothing is downloaded from unknown hosts during install.
Credentials
The skill declares no required environment variables or credentials, which matches the code. However SKILL.md mentions optional calendar access (Google/Apple) without specifying how credentials would be provided; since no calendar code exists, there is currently no handling of OAuth tokens or secrets — this inconsistency should be clarified before trusting calendar/task features.
Persistence & Privilege
The skill does not request persistent 'always' presence, does not modify other skills or global agent settings, and only writes a report file to the working directory. No elevated platform privileges are requested.
What to consider before installing
The skill claims it aggregates git, calendar, and tasks, but the code only reads git commits — treat calendar/task features as unimplemented. Before installing or running: (1) review .reportrc.json and only include trusted local repo paths — untrusted paths can lead to shell injection because the code embeds repo strings into a shell command; (2) prefer to run the script in a non-sensitive directory and inspect the generated report file; (3) if you need calendar/task integration, request clarification or an updated version that implements and documents secure OAuth handling; (4) consider patching the code to avoid execSync string interpolation (use child_process.spawn with argument arrays or validate/sanitize repo paths) to eliminate command-injection risk.

Like a lobster shell, security has layers — review code before you run it.

latestvk976967hth1p95553s7kfg8k6n82bazs
327downloads
0stars
1versions
Updated 4h ago
v1.0.0
MIT-0
@1989tianlong
latest
Download

Daily Report Generator

Automatically generates professional daily/weekly work reports by analyzing:

  • Git commits from the day/week
  • Calendar events
  • Task completions

Features

  • Multi-source aggregation: Pulls data from git, calendar, and task managers
  • Smart summarization: Groups related activities automatically
  • Multiple formats: Markdown, HTML, plain text
  • Language support: Chinese and English output

Usage

Generate Today's Report

node index.js today

Generate Weekly Report

node index.js week

Generate Custom Date Range

node index.js range --from 2024-01-01 --to 2024-01-07

Specify Output Format

node index.js today --format html
node index.js week --format markdown

Configuration

Create a .reportrc.json in your project root:

{
  "git": {
    "enabled": true,
    "repos": ["./", "../other-project"]
  },
  "calendar": {
    "enabled": true,
    "sources": ["google", "apple"]
  },
  "tasks": {
    "enabled": true,
    "sources": ["apple-reminders"]
  },
  "output": {
    "language": "zh-CN",
    "format": "markdown",
    "includeStats": true
  }
}

Output Example

# 工作日报 - 2024年1月15日

## 完成的任务
- ✅ 完成用户认证模块开发
- ✅ 修复登录页面样式问题
- ✅ 代码审查:PR #123

## Git 提交
- feat: 添加双因素认证 (abc123)
- fix: 修复移动端显示问题 (def456)
- docs: 更新 API 文档 (ghi789)

## 会议
- 10:00 产品需求评审会
- 14:00 技术方案讨论

## 明日计划
- 继续开发支付模块
- 参加团队周会

Requirements

  • Node.js 18+
  • Git (for commit analysis)
  • Optional: Calendar access (Google/Apple)

Installation

npm install

License

MIT

Comments

Loading comments...