Smart Daily Report by YQG
PassAudited by ClawScan on May 10, 2026.
Overview
This instruction-only reporting skill is purpose-aligned, but it may inspect local repository history and use configured task, calendar, or document tools to build reports.
This skill appears benign and purpose-aligned for generating work reports. Use it with clear instructions about which projects, dates, task managers, calendars, and export destinations should be included, and confirm before writing to external documents.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may read commit history and change statistics from multiple local projects to prepare the report.
The skill directs the agent to use local system tools and scan broad common folders for repositories. This is consistent with generating work reports, but it can inspect more project history than a user may expect if they do not specify scope.
Use system tools to gather project activity... Scan for project directories in common locations (workspace, home, desktop)
Before using it, specify the project folders and date range you want included, especially if your home or desktop contains personal or unrelated repositories.
If those tools are configured, the agent may read tasks or meetings and may create or update a Feishu document when exporting.
The skill may use already-configured task manager, calendar, or document integrations. These account accesses are relevant to the report-writing purpose, but they are not declared as required credentials in metadata.
Task manager | Completed/pending tasks ... Calendar | Meetings, events ... If todoist CLI is available, query completed tasks ... Feishu doc | `feishu_doc` → `create` then `write`
Use only accounts you intend to include, and ask the agent to confirm before creating or writing external documents.
It is harder to independently verify the publisher or project history, but there is no executable package shown here.
The skill has limited provenance information, though it does not include installable code or dependencies in the provided artifacts.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Review the visible instructions and install only if you trust the registry publisher and the requested data collection fits your workflow.