← Back to Skills Marketplace
1989tianlong

YTLong Daily Report

by 1989tianlong · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
376
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install ytlong-daily-report
Description
Automatically generate daily/weekly work reports from git commits, calendar events, and task lists. Use when you need to quickly create professional work rep...
Usage Guidance
The skill claims it aggregates git, calendar, and tasks, but the code only reads git commits — treat calendar/task features as unimplemented. Before installing or running: (1) review .reportrc.json and only include trusted local repo paths — untrusted paths can lead to shell injection because the code embeds repo strings into a shell command; (2) prefer to run the script in a non-sensitive directory and inspect the generated report file; (3) if you need calendar/task integration, request clarification or an updated version that implements and documents secure OAuth handling; (4) consider patching the code to avoid execSync string interpolation (use child_process.spawn with argument arrays or validate/sanitize repo paths) to eliminate command-injection risk.
Capability Analysis
Type: OpenClaw Skill Name: ytlong-daily-report Version: 1.0.0 The skill contains a shell injection vulnerability in index.js within the getGitLogs function, where repository paths from the .reportrc.json configuration file are interpolated directly into a shell command via execSync. While the code appears to serve its stated purpose of generating git-based reports, the lack of input sanitization on the 'repo' variable allows for arbitrary command execution. Additionally, SKILL.md claims features like calendar and task integration that are entirely absent from the provided implementation.
Capability Assessment
Purpose & Capability
SKILL.md and the description claim aggregation from git, calendar, and task managers (Google/Apple/Apple Reminders). The shipped index.js implements only git commit collection and report generation; there is no calendar or task integration code. This is a clear mismatch between claimed capabilities and actual implementation.
Instruction Scope
Runtime instructions tell the user to run node index.js and create .reportrc.json. The program reads .reportrc.json and executes shell commands via execSync: it constructs a command string containing the configured repo path and runs cd "<repo>" && git log ... via the shell. Because repo paths are interpolated into a shell string, a malicious or malformed repo entry in .reportrc.json can cause shell command injection. The script also writes report files to the current working directory (report-<since>.md).
Install Mechanism
No install spec is provided (instruction-only skill plus included Node files). package.json is present but there are no external dependencies and installation is standard npm install. Nothing is downloaded from unknown hosts during install.
Credentials
The skill declares no required environment variables or credentials, which matches the code. However SKILL.md mentions optional calendar access (Google/Apple) without specifying how credentials would be provided; since no calendar code exists, there is currently no handling of OAuth tokens or secrets — this inconsistency should be clarified before trusting calendar/task features.
Persistence & Privilege
The skill does not request persistent 'always' presence, does not modify other skills or global agent settings, and only writes a report file to the working directory. No elevated platform privileges are requested.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install ytlong-daily-report
  3. After installation, invoke the skill by name or use /ytlong-daily-report
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
First release: auto-generate daily/weekly reports from git commits
Metadata
Slug ytlong-daily-report
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is YTLong Daily Report?

Automatically generate daily/weekly work reports from git commits, calendar events, and task lists. Use when you need to quickly create professional work rep... It is an AI Agent Skill for Claude Code / OpenClaw, with 376 downloads so far.

How do I install YTLong Daily Report?

Run "/install ytlong-daily-report" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is YTLong Daily Report free?

Yes, YTLong Daily Report is completely free (open-source). You can download, install and use it at no cost.

Which platforms does YTLong Daily Report support?

YTLong Daily Report is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created YTLong Daily Report?

It is built and maintained by 1989tianlong (@1989tianlong); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463942 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259883 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200739 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191401 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190375 · by oswalpalash

💬 Comments