Daily Report Generator
Advisory
Audited by Static analysis on May 4, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private work notes, long-term memory, commit history, or project details could be pulled into generated reports without the user noticing every source used.
The skill instructs the agent to automatically reuse persistent memory and work logs as source material for reports. This is purpose-aligned, but the artifacts do not define clear path boundaries, exclusions, approval steps, or handling for sensitive content.
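Automatically reads work logs, memory files, Git records... When generating a weekly report, automatically reads the past 7 days of `memory/` log files... When generating a monthly report, automatically reads all logs for that month + weekly report content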
Before installing, decide which folders/files the skill may read. Ask the agent to show sources and preview the report before saving or sharing it, and exclude confidential notes or projects.
A user may believe all report handling stays local, then ask for a Feishu output that could share summarized private work data to a workspace or channel.
The artifact claims no API calls and privacy safety, while also advertising Feishu delivery. Sending to Feishu may be user-directed, but the privacy wording could cause users to underestimate external sharing risk.
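🔒 **Zero external dependencies** — purely local file reads, no API calls, privacy-safe ... "Generate the daily report and send it to Feishu" ... **Feishu card** | Send directly to Feishu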
Treat Feishu delivery as external sharing. Preview the report, confirm the destination and recipients, and avoid including sensitive internal details unless explicitly approved.
If configured, the agent may keep reminding the user on a schedule after installation.
The skill documents optional scheduled reminders via Heartbeat or Cron. This is disclosed and framed as a reminder, but it is persistent behavior users should intentionally configure.
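Report reminders (used with Heartbeat or Cron)... Weekdays 17:30: if today's daily report has not been generated yet, remind the user: "It's almost time to leave work, do you want to generate today's daily report?"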
Only add the Heartbeat/Cron entries if you want scheduled reminders, and verify they do not automatically generate or send reports without confirmation.
