
Report Builder

Author: omermesebuken1 · GitHub · v0.1.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 131
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install report-builder
Description
Use when the main operator needs to turn the nightly shortlist into a Telegram morning report with inline approve/reject/later buttons.
Safe usage advice
Before installing or running this skill:
  1. Expect to provide a Notion API token, two Notion DB IDs (ideas and nightly runs), and a Telegram target—these are required though not declared.
  2. Review the included scripts carefully—build_report.mjs queries Notion and send_report.mjs spawns the local 'openclaw' binary and also runs a node script at an absolute path (/Users/dellymac/.openclaw/skills/notion-pipeline/scripts/factory_ops.mjs). That last behavior executes code outside the skill and could run arbitrary local logic—verify that target file (or change the code) before use.
  3. Verify the openclaw CLI behavior and ensure no unrelated secrets in your environment will be forwarded to child processes.
  4. Ask the publisher to update SKILL.md/registry metadata to list required env vars and to remove/justify calls to external absolute paths (or provide the referenced helper modules inside the bundle).
If you cannot inspect or control the referenced local scripts, run this in a sandbox or decline the skill.
Functional analysis
Type: OpenClaw Skill
Name: report-builder
Version: 0.1.0
The skill bundle is a standard automation tool designed to fetch data from Notion and send formatted reports to Telegram via the OpenClaw CLI. While it contains hardcoded absolute paths (e.g., `/Users/dellymac/...` in `build_report.mjs` and `send_report.mjs`) which limit portability, the logic is transparent and aligns with the stated purpose. There is no evidence of data exfiltration, malicious execution, or prompt injection; it uses standard Node.js APIs and official Notion endpoints.
Capability assessment
Purpose & Capability
The skill's stated purpose is Notion -> Telegram reports, which would legitimately require Notion credentials/DB IDs and a Telegram target, but the registry metadata declares no required environment variables or primary credential. The code clearly expects OPENCLAW_NOTION_TOKEN, OPENCLAW_NOTION_DB_PROJECT_IDEAS, OPENCLAW_NOTION_DB_NIGHTLY_RUNS, and OPENCLAW_TELEGRAM_TARGET (among possible others). This mismatch between claimed requirements and actual needs is incoherent and surprising.
Instruction Scope
SKILL.md instructs running the included build and send scripts, which is expected, but those scripts: (1) call out to the Notion API and will fail unless tokens/DB IDs are present, (2) load local environment via an imported loadLocalEnv module, and (3) the sender executes (via node) an absolute path under /Users/dellymac/.openclaw/.../factory_ops.mjs to record deliveries. Running code outside the bundle and importing local helper modules expands scope beyond the described skill and may execute arbitrary local code.
Install Mechanism
No install spec (instruction-only) and included JS scripts—no network downloads or package installs are declared. That's lower install risk, but the bundle contains executable scripts that will run with the user's Node and rely on an external 'openclaw' binary.
Credentials
The scripts require sensitive environment variables (Notion bearer token and DB IDs, plus a Telegram target) but the registry declares none. The sender forwards process.env to spawned processes and invokes openclaw with that environment, which could expose unrelated secrets if present. The number and sensitivity of env variables is reasonable for the task, but failing to declare them is a proportionality/transparency problem.
Persistence & Privilege
The skill is not flagged 'always' and does not request system-wide persistence; however it executes another local skill/script via an absolute path (factory_ops.mjs) and imports a local loadLocalEnv module. That cross-skill/local-code execution increases privilege surface because sending a report triggers execution of code outside this bundle, which is unexpected and potentially dangerous.
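How to use
  1. Make sure OpenClaw is installed (locally or via Docker deployment)
  2. Enter the install command in the chat box: /install report-builder
  3. Once installation completes, invoke the Skill by name or trigger it with /report-builder
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history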
v0.1.0
Initial publish
Metadata
Slug report-builder
Version 0.1.0
License MIT-0
Total installs 0
Current installs 0
Number of versions 1
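FAQ

What is Report Builder?

Use when the main operator needs to turn the nightly shortlist into a Telegram morning report with inline approve/reject/later buttons. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 131 total downloads so far.

How do I install Report Builder?

Run the command "/install report-builder" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Report Builder free?

Yes, Report Builder is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does Report Builder support?

Report Builder runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Report Builder?

It is developed and maintained by omermesebuken1 (@omermesebuken1); the current version is v0.1.0.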
