← 返回 Skills 市场
Weekly Report Flow Yjf
作者
yaojiangfeng
· GitHub ↗
· v1.0.2
· MIT-0
114
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install weekly-report-flow-yjf
功能描述
Generate and submit weekly reports from Aliyun DevOps workitems via EMOP API. Use when asked to run the weekly report flow, backfill missing weeks, or explai...
安全使用建议
This skill appears to do what it claims (pull from Aliyun DevOps and POST summaries to EMOP), but packaging and instructions are inconsistent in ways that increase risk. Before installing or running it:
- Ask the author to correct the manifest to list required environment variables (DEVOPS_TOKEN, EMOP_TOKEN) and to declare a primary credential. The manifest should match SKILL.md.
- Clarify the 'use browser session' fallback. Do not allow any automated agent action that reads browser cookies, local browser storage, or other system secrets unless you explicitly audit and approve that behavior.
- Inspect any referenced local scripts (the listed C:\Users\Administrator\.openclaw\workspace files). The skill references local script paths — open and review those files before running anything that will execute them.
- Provide least-privilege tokens: use service account or scoped tokens that can only read workitems or submit reports, and be prepared to rotate them.
- Run first in a restricted environment or sandbox and monitor outbound requests to confirm only the documented endpoints (devops.aliyun.com and emop.oureman.com) are contacted.
If the author cannot or will not fix the manifest/instructions and explain the browser-session behavior and referenced local scripts, treat the skill as unsafe to use with sensitive credentials.
功能分析
Type: OpenClaw Skill
Name: weekly-report-flow-yjf
Version: 1.0.2
The skill bundle is a specialized automation tool designed to generate and submit weekly reports by fetching workitems from Aliyun DevOps and posting them to an EMOP API (emop.oureman.com). While it handles sensitive credentials (DEVOPS_TOKEN and EMOP_TOKEN), the instructions in SKILL.md explicitly mandate that these tokens should not be written to disk, and the data flow is consistent with the stated purpose of report generation. The hardcoded file paths in references/cli.md suggest a highly customized local environment rather than a generic attack vector.
能力评估
Purpose & Capability
The described capability (generate weekly reports from Aliyun DevOps and submit to EMOP) aligns with the API endpoints and payloads in SKILL.md and references. However the package metadata declared no required environment variables while the SKILL.md explicitly requires DEVOPS_TOKEN and EMOP_TOKEN — this mismatch reduces trust in the packaging and documentation.
Instruction Scope
Instructions tell the agent to use DevOps API and POST to EMOP (expected), but also say to 'Use browser session if direct API returns 403' without specifying how. That fallback could push an agent to access browser cookies/sessions or other local state. The references file lists absolute local script paths and an output markdown path under C:\Users\Administrator\.openclaw\workspace, suggesting the skill expects or references local artifacts; the SKILL.md simultaneously says 'never write to disk' for tokens — these contradictions are concerning.
Install Mechanism
This is instruction-only with no install spec and no code files, so there is no installer risk. Nothing will be written to disk by an install step in this package itself.
Credentials
The runtime needs two sensitive secrets (DEVOPS_TOKEN and EMOP_TOKEN) which are reasonable for the stated purpose, but the skill metadata did not declare required env vars or a primary credential. That omission is an inconsistency that could lead to accidental credential leakage or misuse. Also the instructions' ambiguous browser-session fallback raises the risk that other local credentials or cookies could be accessed if not properly constrained.
Persistence & Privilege
always:false and no install/persistence mechanism are present. The skill does not request permanent presence or elevated platform privileges in the manifest.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install weekly-report-flow-yjf - 安装完成后,直接呼叫该 Skill 的名称或使用
/weekly-report-flow-yjf触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
No functional or documentation changes in this version.
- No file changes detected between versions 1.0.0 and 1.0.1.
- SKILL.md content remains exactly the same.
v1.0.0
- Initial release of the weekly-report-flow skill.
- Automates generating and submitting weekly reports from Aliyun DevOps workitems to EMOP using API integrations.
- Supports flows for report generation, backfilling missing weeks, and automating DevOps→summary→EMOP report submissions.
- Summarizes work in formal Chinese suitable for department use; provides outputs in both Markdown and HTML.
- Handles authentication securely with required tokens from the environment only.
元数据
常见问题
Weekly Report Flow Yjf 是什么?
Generate and submit weekly reports from Aliyun DevOps workitems via EMOP API. Use when asked to run the weekly report flow, backfill missing weeks, or explai... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 114 次。
如何安装 Weekly Report Flow Yjf?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install weekly-report-flow-yjf」即可一键安装,无需额外配置。
Weekly Report Flow Yjf 是免费的吗?
是的,Weekly Report Flow Yjf 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Weekly Report Flow Yjf 支持哪些平台?
Weekly Report Flow Yjf 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Weekly Report Flow Yjf?
由 yaojiangfeng(@yaojiangfeng)开发并维护,当前版本 v1.0.2。
推荐 Skills