决策简报虾 (decision-briefing-claw)

This skill appears to implement the described reporting workflow, but be cautious before installing and running it: - Expect to provide sensitive credentials: DB passwords, API tokens, and push-webhook URLs (e.g., Feishu webhook) are read from config files and expanded from environment variables (examples in references use ${MYSQL_PASSWORD}, ${FINANCE_API_TOKEN}). The skill metadata does not declare these env vars — verify and supply only least-privilege secrets (readonly DB accounts, scoped API tokens). - Review and secure config files: config/data-sources.json and config/channels.json will contain secrets or webhook endpoints. Store them with restricted file permissions and do not put production credentials in world-readable locations. - Arbitrary SQL capability: the test subcommand executes whatever SQL you pass against the first DB in the config. Avoid running untrusted queries and prefer readonly accounts to reduce risk. - Outbound push targets: the script will POST report content to whatever webhook URL is configured. Ensure webhooks point to trusted endpoints; a malicious webhook could exfiltrate sensitive business data. - Run first in a non-production / isolated environment: validate behavior using test credentials and sample data, confirm required tools (jq, mail, curl, Python deps) and consider adding explicit metadata about required env vars before deploying broadly. - Operational recommendations: use least-privilege DB users, rotate tokens, restrict file system locations it can read (avoid mounting / or sensitive dirs), and review cron entries for who can edit them. Given the unadvertised credential use and ability to execute SQL and post data externally, treat this skill as suspicious until you audit and harden its configuration.