← Back to Skills Marketplace
Weekly Report Flow Yjf
by
yaojiangfeng
· GitHub ↗
· v1.0.2
· MIT-0
114
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install weekly-report-flow-yjf
Description
Generate and submit weekly reports from Aliyun DevOps workitems via EMOP API. Use when asked to run the weekly report flow, backfill missing weeks, or explai...
Usage Guidance
This skill appears to do what it claims (pull from Aliyun DevOps and POST summaries to EMOP), but packaging and instructions are inconsistent in ways that increase risk. Before installing or running it:
- Ask the author to correct the manifest to list required environment variables (DEVOPS_TOKEN, EMOP_TOKEN) and to declare a primary credential. The manifest should match SKILL.md.
- Clarify the 'use browser session' fallback. Do not allow any automated agent action that reads browser cookies, local browser storage, or other system secrets unless you explicitly audit and approve that behavior.
- Inspect any referenced local scripts (the listed C:\Users\Administrator\.openclaw\workspace files). The skill references local script paths — open and review those files before running anything that will execute them.
- Provide least-privilege tokens: use service account or scoped tokens that can only read workitems or submit reports, and be prepared to rotate them.
- Run first in a restricted environment or sandbox and monitor outbound requests to confirm only the documented endpoints (devops.aliyun.com and emop.oureman.com) are contacted.
If the author cannot or will not fix the manifest/instructions and explain the browser-session behavior and referenced local scripts, treat the skill as unsafe to use with sensitive credentials.
Capability Analysis
Type: OpenClaw Skill
Name: weekly-report-flow-yjf
Version: 1.0.2
The skill bundle is a specialized automation tool designed to generate and submit weekly reports by fetching workitems from Aliyun DevOps and posting them to an EMOP API (emop.oureman.com). While it handles sensitive credentials (DEVOPS_TOKEN and EMOP_TOKEN), the instructions in SKILL.md explicitly mandate that these tokens should not be written to disk, and the data flow is consistent with the stated purpose of report generation. The hardcoded file paths in references/cli.md suggest a highly customized local environment rather than a generic attack vector.
Capability Assessment
Purpose & Capability
The described capability (generate weekly reports from Aliyun DevOps and submit to EMOP) aligns with the API endpoints and payloads in SKILL.md and references. However the package metadata declared no required environment variables while the SKILL.md explicitly requires DEVOPS_TOKEN and EMOP_TOKEN — this mismatch reduces trust in the packaging and documentation.
Instruction Scope
Instructions tell the agent to use DevOps API and POST to EMOP (expected), but also say to 'Use browser session if direct API returns 403' without specifying how. That fallback could push an agent to access browser cookies/sessions or other local state. The references file lists absolute local script paths and an output markdown path under C:\Users\Administrator\.openclaw\workspace, suggesting the skill expects or references local artifacts; the SKILL.md simultaneously says 'never write to disk' for tokens — these contradictions are concerning.
Install Mechanism
This is instruction-only with no install spec and no code files, so there is no installer risk. Nothing will be written to disk by an install step in this package itself.
Credentials
The runtime needs two sensitive secrets (DEVOPS_TOKEN and EMOP_TOKEN) which are reasonable for the stated purpose, but the skill metadata did not declare required env vars or a primary credential. That omission is an inconsistency that could lead to accidental credential leakage or misuse. Also the instructions' ambiguous browser-session fallback raises the risk that other local credentials or cookies could be accessed if not properly constrained.
Persistence & Privilege
always:false and no install/persistence mechanism are present. The skill does not request permanent presence or elevated platform privileges in the manifest.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install weekly-report-flow-yjf - After installation, invoke the skill by name or use
/weekly-report-flow-yjf - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
No functional or documentation changes in this version.
- No file changes detected between versions 1.0.0 and 1.0.1.
- SKILL.md content remains exactly the same.
v1.0.0
- Initial release of the weekly-report-flow skill.
- Automates generating and submitting weekly reports from Aliyun DevOps workitems to EMOP using API integrations.
- Supports flows for report generation, backfilling missing weeks, and automating DevOps→summary→EMOP report submissions.
- Summarizes work in formal Chinese suitable for department use; provides outputs in both Markdown and HTML.
- Handles authentication securely with required tokens from the environment only.
Metadata
Frequently Asked Questions
What is Weekly Report Flow Yjf?
Generate and submit weekly reports from Aliyun DevOps workitems via EMOP API. Use when asked to run the weekly report flow, backfill missing weeks, or explai... It is an AI Agent Skill for Claude Code / OpenClaw, with 114 downloads so far.
How do I install Weekly Report Flow Yjf?
Run "/install weekly-report-flow-yjf" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Weekly Report Flow Yjf free?
Yes, Weekly Report Flow Yjf is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Weekly Report Flow Yjf support?
Weekly Report Flow Yjf is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Weekly Report Flow Yjf?
It is built and maintained by yaojiangfeng (@yaojiangfeng); the current version is v1.0.2.
More Skills