Report

Configure custom recurring reports. User defines data sources, skill handles scheduling and formatting.

This skill appears to do what it says, but before installing: 1) Review and restrict access to ~/report/ (it will store configs, data, and logs). 2) Only set API keys as environment variables if you trust the reporting configs and the machine; prefer per-report least-privilege keys and rotate them if possible. 3) Carefully vet any delivery endpoints (webhook URLs, Telegram chat IDs, email recipients) — reports may contain sensitive data and scheduled runs will send them automatically. 4) Confirm your agent environment supports the referenced actions (cron scheduling, 'browser action' PDF rendering, and delivery integrations). 5) If you need monitoring/auditing, keep delivery.log and generated files under a secure directory and review failures regularly.

Type: OpenClaw Skill Name: report Version: 1.0.3 The skill's stated purpose of report generation and delivery is benign. However, it presents several potential vulnerabilities that could be exploited by a malicious user of the skill. The `delivery.md` file instructs the agent to create cron jobs with payloads containing user-defined strings (e.g., `{report-name}`, `{channel}`), which could be vectors for prompt injection or command injection if not properly sanitized by the agent. Additionally, `formats.md` uses `browser action=pdf targetUrl=file:///path.html`, where `path.html` could be manipulated for local file disclosure. The `schema.md` also defines a 'Data Prompt' field, a user-controlled string that could be used for prompt injection against the agent. These capabilities, while functional, introduce significant risks if the agent's execution environment lacks robust input sanitization and sandboxing.