← 返回 Skills 市场
nexaiguy

Nex Reports

作者 Nex AI · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
83
总下载
1
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install nex-reports
功能描述
Automated report generation and scheduling meta-skill that aggregates data from multiple Nex tools into unified, actionable business briefings for day-to-day...
安全使用建议
This package is largely coherent with its stated purpose, but proceed cautiously: - Inspect setup.sh before running it (it will be executed by the Quick Start and can modify your user environment). - Treat IMAP_PASS and TELEGRAM_TOKEN as sensitive — use app-specific passwords where possible and store them securely (not in public shells or logs). - The CUSTOM module executes arbitrary shell commands from report configs; avoid adding untrusted commands and consider running this tool under a dedicated user with limited permissions or in a sandbox if you plan to use CUSTOM. - Review the code (modules.py and setup.sh) locally to confirm there are no hidden network endpoints or unexpected behavior before installing on production systems. If you want higher confidence, provide the contents of setup.sh and the remainder of modules.py (the CUSTOM/run_module implementation) so they can be reviewed specifically for shell invocation semantics (shell=True, command interpolation) or unexpected network calls.
功能分析
Type: OpenClaw Skill Name: nex-reports Version: 1.0.0 The nex-reports skill bundle is a reporting tool that aggregates data from various sources, including email and external CLI tools. It is classified as suspicious due to high-risk capabilities, most notably the 'CUSTOM' module in 'lib/modules.py' which executes arbitrary shell commands using 'subprocess.run(shell=True)'. The tool also manages sensitive credentials (IMAP passwords and Telegram tokens) and accesses email headers. While these features are aligned with the stated purpose of automated reporting, they provide a significant attack surface for command injection and credential exposure. No evidence of intentional malice or unauthorized data exfiltration was found.
能力标签
cryptocan-make-purchases
能力评估
Purpose & Capability
Name/description align with required binaries and env vars: python3, IMAP_*, and TELEGRAM_* are appropriate for IMAP email checks and Telegram delivery. However the registry metadata labels this as 'instruction-only' (no install spec) while the package includes multiple code files and a setup.sh — that mismatch is an incoherence you should be aware of.
Instruction Scope
SKILL.md and code instruct the agent/CLI to read IMAP mail, parse local files (ICS, JSON taskboard), run other nex-* tools, format output, save to ~/.nex-reports/, and send via Telegram — all within the declared purpose. The SKILL.md also exposes a CUSTOM module that runs arbitrary shell commands as part of reports; this is a legitimate feature for a 'custom' module but it expands the agent's execution scope (it can execute user-provided commands) and should be used with caution.
Install Mechanism
Registry metadata claims no install spec (instruction-only), but the package contains a setup.sh and a CLI entry (nex-reports.py). The SKILL.md tells users to run 'bash setup.sh'. Because there's no formal install spec recorded, you should manually inspect setup.sh before running it; it may create files, install the CLI into user paths, or perform other system changes.
Credentials
Requested env vars (IMAP_HOST, IMAP_USER, IMAP_PASS, IMAP_PORT, TELEGRAM_TOKEN, TELEGRAM_CHAT_ID) are consistent with the EMAIL and Telegram features. These are sensitive credentials (IMAP password and Telegram bot token) and are proportionate to the feature set — but should be provided carefully and not to an untrusted environment. No unrelated secrets were requested.
Persistence & Privilege
The skill does not request always:true, does not require system-wide privileges, and stores data under the user's home directory (~/.nex-reports/) and an SQLite DB — this is typical for a CLI utility. It does not appear to modify other skills or global agent settings.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install nex-reports
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /nex-reports 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release
元数据
Slug nex-reports
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Nex Reports 是什么?

Automated report generation and scheduling meta-skill that aggregates data from multiple Nex tools into unified, actionable business briefings for day-to-day... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 83 次。

如何安装 Nex Reports?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install nex-reports」即可一键安装,无需额外配置。

Nex Reports 是免费的吗?

是的,Nex Reports 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Nex Reports 支持哪些平台?

Nex Reports 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Nex Reports?

由 Nex AI(@nexaiguy)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论