weekly-report-generator-feishu-chinese

Use this skill to generate weekly reports from git commit logs. Automatically analyzes git history, categorizes work, and formats a professional weekly report.

This skill will scan directories of Git repositories and build a report file, then send the report to a Feishu (Lark) API. Key things to consider before installing or using it: - Credentials and secrets: send-to-feishu.sh requires APP_ID and APP_SECRET (sensitive). The skill manifest does not declare these — verify and never store APP_SECRET in a repo or world-readable file. Use a least-privilege service account and keep secrets in a safe place (not embedded in scripts). - Repository scope and data exfiltration: the scripts scan PROJECT_ROOT for all Git repos and collect commit messages and code-change statistics. Ensure PROJECT_ROOT is set to a safe, restricted path (or test in a throwaway environment) so you don't inadvertently expose private repos or secrets. - Automatic sending and consent: SKILL.md instructs automatic sending to Feishu without asking the user. If you want manual control, modify the workflow to require explicit user confirmation before calling send-to-feishu.sh. - Persistent scheduling: the docs show creating a launchd task. If you do not want automatic periodic scans, do not install or load the scheduled job. Review any plist before loading. - Audit the scripts: review send-to-feishu.sh and auto-weekly-report.sh yourself — they are short but perform network calls (curl, urllib) and file system traversal. Confirm the exact data sent (send-to-feishu.sh truncates to 3000 chars) and adjust as needed. - Safer alternatives: run the scripts manually in an isolated environment, point PROJECT_ROOT to a single repo, and configure Feishu credentials via secure env vars rather than editing the script. Consider requiring explicit user approval in the SKILL.md before any network call. If you trust the author and will restrict paths and secrets appropriately, the functionality is coherent; otherwise treat this skill as risky and prefer manual review/testing first.

Type: OpenClaw Skill Name: weekly-report-generator-feishu-chinese Version: 1.0.0 The skill automates git log extraction and sends data to the Feishu API (open.feishu.cn). The SKILL.md file contains instructions that explicitly command the AI agent to execute scripts and exfiltrate data to an external endpoint without user confirmation or review ('无需任何检查或询问'). While the scripts (auto-weekly-report.sh, send-to-feishu.sh) appear functional for their stated purpose, the use of 'HARD-GATE' instructions to bypass human-in-the-loop verification for data transmission poses a significant security risk.