← 返回 Skills 市场
Weekly Report Generator
作者
fx-world888
· GitHub ↗
· v1.0.0
· MIT-0
77
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install weekly-report-fx
功能描述
AI-powered weekly report generator. Scans GitHub issues/PRs, calendar events, reminders, and project files to generate a polished weekly report in Markdown....
安全使用建议
This skill appears to implement GitHub-based weekly reports and does not contain obviously malicious code, but there are mismatches you should be comfortable with before installing:
- The registry metadata declares no required env vars, but the code uses GITHUB_TOKEN and README/SKILL.md mention FEISHU and reminders credentials. Treat this as an omission and assume you must provide a token for private repo access.
- The SKILL.md/README reference additional source files (calendar/reminders collectors) that are not included. The missing files may mean some integrations won't work or the package is incomplete.
- The script uses dotenv and will load a local .env if present — ensure your .env does not contain unrelated secrets you don't want the skill to read.
Steps to reduce risk:
- Inspect the included scripts/generate-report.mjs yourself (or have a developer do so) to confirm where network calls are sent (GitHub API is expected). Look for any hard-coded remote endpoints beyond api.github.com.
- If you must provide a GITHUB_TOKEN, create a token with the minimum scopes required (public_repo or repo scope as needed), or use a read-only token / throwaway account if you want to test.
- Run the skill in dry-run mode first and with GITHUB_TOKEN unset to verify behaviour without exposing credentials.
- Ask the publisher for the missing source files or a project homepage and verify the author (fx-world888) before providing any private credentials.
Given the inconsistencies (undeclared env vars, missing modules), I mark this as suspicious rather than benign; these could be harmless packaging oversights but deserve verification.
功能分析
Type: OpenClaw Skill
Name: weekly-report-fx
Version: 1.0.0
The skill is a legitimate utility for generating weekly work reports by aggregating data from GitHub (issues, PRs, commits). The core logic in `scripts/generate-report.mjs` uses standard GitHub API calls with user-provided environment variables (`GITHUB_TOKEN`) and performs local file operations to save the resulting report. No evidence of data exfiltration to unauthorized endpoints, malicious execution, or prompt injection was found.
能力标签
能力评估
Purpose & Capability
The skill's stated purpose (aggregate GitHub, calendar, reminders) matches the included code which clearly implements GitHub collection and local report generation. However SKILL.md and README reference additional source modules (scripts/sources/*) and calendar/reminder integrations that are not present in the file manifest; this suggests either incomplete packaging or overstated capabilities.
Instruction Scope
The runtime instructions focus on fetching GitHub data and generating a local report, which is within scope. They instruct users to set GITHUB_TOKEN and optional FEISHU/Reminders integrations. The code uses GITHUB_TOKEN and dotenv; reminders/calendar integrations are described as relying on other skills but the code's reminders collector is a placeholder that returns no data. Instructions are not asking the agent to read unrelated system files, nor to exfiltrate to unknown endpoints.
Install Mechanism
There is no install spec that downloads remote archives or executes installers; the package simply includes a Node script and package.json listing small, common dependencies (date-fns, dotenv). This is low risk from an installation-source perspective.
Credentials
Registry metadata lists no required environment variables, yet SKILL.md and the script document and use GITHUB_TOKEN (and README mentions FEISHU_APP_ID/FEISHU_APP_SECRET). The skill loads .env via dotenv, which means any local .env secrets could be read at runtime. The absence of declared required env vars in the registry is an inconsistency that reduces transparency and could surprise users who assume no credentials are needed.
Persistence & Privilege
The skill is not force-enabled (always:false) and does not request system-wide configuration changes or elevated privileges. It runs as a one-off script and does not persist or modify other skills' settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install weekly-report-fx - 安装完成后,直接呼叫该 Skill 的名称或使用
/weekly-report-fx触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of weekly-report-fx.
- Generates weekly reports by scanning GitHub issues/PRs/commits, calendar events, and reminders.
- Supports output in Markdown, HTML, or plain text with customizable report styles.
- Integrates with GitHub, Feishu Calendar, Apple Reminders, and Things 3.
- Employs AI to distill raw data into readable summaries.
- Includes configurable options for time period, formatting, and style.
元数据
常见问题
Weekly Report Generator 是什么?
AI-powered weekly report generator. Scans GitHub issues/PRs, calendar events, reminders, and project files to generate a polished weekly report in Markdown.... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 77 次。
如何安装 Weekly Report Generator?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install weekly-report-fx」即可一键安装,无需额外配置。
Weekly Report Generator 是免费的吗?
是的,Weekly Report Generator 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Weekly Report Generator 支持哪些平台?
Weekly Report Generator 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Weekly Report Generator?
由 fx-world888(@fx-world888)开发并维护,当前版本 v1.0.0。
推荐 Skills