← 返回 Skills 市场
139
总下载
0
收藏
0
当前安装
5
版本数
在 OpenClaw 中安装
/install scheduled-reports
功能描述
Define, preview, approve, and manage recurring reports for OpenClaw. Use when the user asks for a scheduled report, daily or weekly report, automatic report,...
安全使用建议
This skill appears to implement a legitimate scheduled-report workflow and includes a local Python validator, but there are a few things to clarify before installing:
- Ask the publisher to confirm the correct file paths and packaging (SKILL.md references skills/scheduled-reports/scripts/..., but the included script is at scripts/validate_report_definition.py). This mismatch could break validation or indicate sloppy packaging.
- Confirm where approved definitions, previews, and cron metadata will be written (exact config paths or storage service). The package metadata lists no required config paths, but the workflow clearly writes files — you should know the exact locations and access controls.
- Ask what platform privileges are needed to create/modify OpenClaw cron jobs and to deliver artifacts (email/chat/webhook). If email or cron creation requires additional credentials, those should be declared and scoped narrowly.
- Review the full validator script (already included) for network calls or unexpected behavior before running it in production. As provided the script looks like a local JSON/schema validator, but you should confirm the truncated portion contains no hidden network access or subprocess calls.
- If you plan to test this skill, do so in a restricted environment (no access to sensitive production data) until you confirm the storage paths, cron behavior, and any required service credentials.
If the author can confirm the path/config omissions are packaging errors and provide explicit storage/permission details, this package would be coherent; until then treat it as suspicious.
功能分析
Type: OpenClaw Skill
Name: scheduled-reports
Version: 1.4.0
The scheduled-reports skill bundle is a well-architected tool for managing recurring reports with a strong emphasis on security and integrity. Key indicators of its benign nature include the implementation of integrity hashing for report definitions (lockedSubtreeSha256), strict validation of delivery targets to prevent SSRF and path traversal in scripts/validate_report_definition.py, and explicit instructions in SKILL.md to treat report data as untrusted to mitigate prompt injection. The skill enforces human-in-the-loop approval and uses environment fingerprinting to ensure runtime consistency.
能力评估
Purpose & Capability
The skill is described as a recurring-report definition/cron manager and includes a Python validator (python3 required) which is appropriate. However the SKILL.md refers to a validation command path (skills/scheduled-reports/scripts/...) that does not match the packaged script path (scripts/validate_report_definition.py). The skill claims it will persist definitions and previews but declares no required config paths; that mismatch suggests packaging or metadata oversight.
Instruction Scope
The instructions direct the agent to lock data sources, pin query files by hash, generate preview artifacts on disk, save approved definitions, compute integrity hashes, run activation checks, and create OpenClaw cron jobs. Those actions imply write access to repository/config storage, access to rendering skills (pdf-report, chart-mpl), and ability to create cron jobs — none of which are enumerated in requires.env or config paths. The SKILL.md's explicit requirement that previews must exist on disk and be attached is reasonable functionally but gives the skill broad discretion to read/write files and persist metadata; the absence of declared config paths and the path mismatch are concerning.
Install Mechanism
No install spec (instruction-only with an included utility script) and only python3 required. The validator is a local script (no downloads or external installs), which is low-risk. No suspicious install URLs or archive extraction are present.
Credentials
The skill requests no environment variables or external credentials, which is proportionate to a validator/definition helper. However, the runtime workflow implicitly requires platform-level capabilities (deliver to email/conversation, create cron jobs, store artifacts in 'private, access-controlled storage') and may require service credentials or host permissions that are not declared. That discrepancy should be clarified.
Persistence & Privilege
always:false and model invocation is allowed (normal). The skill is designed to persist definitions, previews, and cron metadata, which is consistent with its purpose — but the package does not declare where (config paths) or how (what storage) these persisted files live. This omission increases the risk that the agent will write files to unexpected locations.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install scheduled-reports - 安装完成后,直接呼叫该 Skill 的名称或使用
/scheduled-reports触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.4.0
Hardened scheduled report approval and delivery flow: previews must be generated and sent inline with the approval request, missing previews must be regenerated/resend instead of repeated as text, chat deliveries now require caption context, preview validation now requires a real artifact file, filename guidance is more human-readable, and workflow docs now clarify schedule ambiguity handling, inbound chat-target defaults, and known host-enforced limitations.
v1.2.0
**Chat channels now require captions.** Added `delivery.definition.messageTemplate` for `conversation` and `thread`. It's the caption that ships with the report artifact, so recipients see context instead of a bare file.
**Preview delivery is atomic.** The agent now sends the preview artifact and its approval ask in a single outbound response — the caption *is* the approval request. Fixes the case where the preview arrived after the approver asked "where is it?"
**Cron output contract pinned.** Runtime now emits exactly one caption block followed by one `MEDIA:<path>` line — no bare media tokens, no split responses.
**Filenames are human-readable.** Canonical example updated; guidance added on avoiding shell/URL-breaking characters and duplicated years.
v1.1.1
No user-facing changes; version bump only.
- Updated version from 1.0.0 to 1.1.1.
- No changes detected in skill documentation or logic.
v1.1.0
Updated the scheduled-reports skill to focus on approved recurring-report setup for OpenClaw cron execution. Replaced the old data/rendering contract with locked dataSources, uiDefinition, executionPrompt, and runtimeGuards. Added preview approval, approval/verification metadata, integrity hashing for locked report inputs and query files, safer delivery validation, canonical schedule summaries, schemaVersion, and stronger validator enforcement for enabled/paused reports. Clarified runtime boundaries, per-run revalidation requirements, privacy guidance, and the role of environment fingerprints.
v1.0.0
Initial release of the scheduled-reports skill.
Adds a generic OpenClaw skill for creating, validating, and managing saved recurring report definitions.
Includes a structured report-definition contract, deterministic lifecycle guidance, trigger validation, delivery target validation, timezone validation, and compatibility checks across delivery, data, and rendering execution skills.
Uses config-based storage conventions instead of conversational memory paths.
元数据
常见问题
Scheduled Reports 是什么?
Define, preview, approve, and manage recurring reports for OpenClaw. Use when the user asks for a scheduled report, daily or weekly report, automatic report,... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 139 次。
如何安装 Scheduled Reports?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install scheduled-reports」即可一键安装,无需额外配置。
Scheduled Reports 是免费的吗?
是的,Scheduled Reports 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Scheduled Reports 支持哪些平台?
Scheduled Reports 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Scheduled Reports?
由 Umbra(@mohamed-hammane)开发并维护,当前版本 v1.4.0。
推荐 Skills