ivangdavila

Report

by Iván · GitHub ↗ · v1.0.3
linux · darwin · win32 · ⚠ suspicious
1335 Downloads · 2 Stars · 7 Active Installs · 4 Versions
Install in OpenClaw
/install report
Description
Configure custom recurring reports. User defines data sources, skill handles scheduling and formatting.
Usage Guidance
This skill appears to do what it says, but before installing:
  1. Review and restrict access to ~/report/ (it will store configs, data, and logs).
  2. Only set API keys as environment variables if you trust the reporting configs and the machine; prefer per-report least-privilege keys and rotate them if possible.
  3. Carefully vet any delivery endpoints (webhook URLs, Telegram chat IDs, email recipients); reports may contain sensitive data and scheduled runs will send them automatically.
  4. Confirm your agent environment supports the referenced actions (cron scheduling, 'browser action' PDF rendering, and delivery integrations).
  5. If you need monitoring/auditing, keep delivery.log and generated files under a secure directory and review failures regularly.
Capability Analysis
Type: OpenClaw Skill
Name: report
Version: 1.0.3

The skill's stated purpose of report generation and delivery is benign. However, it presents several potential vulnerabilities that could be exploited by a malicious user of the skill. The `delivery.md` file instructs the agent to create cron jobs with payloads containing user-defined strings (e.g., `{report-name}`, `{channel}`), which could be vectors for prompt injection or command injection if not properly sanitized by the agent. Additionally, `formats.md` uses `browser action=pdf targetUrl=file:///path.html`, where `path.html` could be manipulated for local file disclosure. The `schema.md` also defines a 'Data Prompt' field, a user-controlled string that could be used for prompt injection against the agent. These capabilities, while functional, introduce significant risks if the agent's execution environment lacks robust input sanitization and sandboxing.
Capability Assessment
Purpose & Capability
Name/description (recurring reports, scheduling, formatting) align with required actions: creating ~/report/, storing config/data, scheduling jobs, rendering formats, and delivering via channels. No unrelated credentials or binaries are requested.
Instruction Scope
SKILL.md explicitly reads/writes under ~/report/, manages cron-scheduled jobs, and can POST to webhooks / send to Telegram / email. That is within reporting scope, but the skill will deliver report content to external endpoints configured by the user — verify each destination is trusted before configuring it. The instructions also reference a 'browser action=pdf' step (headless browser) which implies the agent environment must provide a PDF-rendering capability.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest-risk delivery mechanism. It does not download or install external packages.
Credentials
No required environment variables or credentials are declared; API keys are optional and explicitly user-provided (examples: STRIPE_API_KEY, GITHUB_TOKEN). The declared metadata shows optional USER_PROVIDED_API_KEYS. Requested env usage is proportional to the stated purpose.
Persistence & Privilege
always:false (normal). The skill relies on scheduled cron jobs which will cause autonomous execution at configured times — expected for a scheduling/reporting tool. Users should be aware scheduled runs may send data to configured external channels without an interactive prompt.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install report
  3. After installation, invoke the skill by name or use /report
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.3
Fixed path consistency, declared optional env vars in metadata
v1.0.2
User-driven data source model, explicit permission grants
v1.0.1
Report index now persists across skill updates
v1.0.0
Initial release
Metadata
Slug report
Version 1.0.3
License
All-time Installs 7
Active Installs 7
Total Versions 4
Frequently Asked Questions

What is Report?

Configure custom recurring reports. User defines data sources, skill handles scheduling and formatting. It is an AI Agent Skill for Claude Code / OpenClaw, with 1335 downloads so far.

How do I install Report?

Run "/install report" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Report free?

Yes, Report is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Report support?

Report is cross-platform and runs anywhere OpenClaw / Claude Code is available (linux, darwin, win32).

Who created Report?

It is built and maintained by Iván (@ivangdavila); the current version is v1.0.3.
