← 返回 Skills 市场
Weekly Report Email
作者
zq62191161-ai
· GitHub ↗
· v1.0.0
· MIT-0
146
总下载
0
收藏
0
当前安装
9
版本数
在 OpenClaw 中安装
/install xl-weekly-report-email
功能描述
通用周报收集和邮件推送技能,支持交互式填写周报内容,自动计算周数和日期范围,生成美观的HTML格式邮件。
安全使用建议
Before installing, note the following: 1) The code expects Node (to run main.js and use nodemailer) and it calls python3 via child_process.execSync to compute ISO week — the skill metadata does not declare these binary requirements; ensure those runtimes exist and are acceptable. 2) The skill will ask you to store SMTP credentials (SMTP_USER/SMTP_PASS, SMTP_FROM) in a .env file inside the skill directory; only provide credentials you trust, and be aware these are persisted on disk. 3) There is no install spec — you may need to run npm install in the skill directory to install nodemailer. 4) The skill uses child_process to run python3 (shell execution) which is a moderate risk surface — review/limit execution environment or sandbox the skill if you have concerns. 5) The SKILL.md emphasizes not auto-sending, but confirm in your environment that the code indeed waits for explicit user confirmation before calling sendWeeklyReport (review main.js/mailerl.js call sites). 6) Minor code smells (duplicate functions in setup.js, absolute path in SKILL.md) are not proof of malice but indicate the package could be sloppy — review the code yourself or run it in an isolated environment. If you decide to proceed: install dependencies locally (npm ci), inspect .env after creation, and consider creating a dedicated SMTP account with limited privileges or an authorization token rather than using your primary mailbox password.
功能分析
Type: OpenClaw Skill
Name: xl-weekly-report-email
Version: 1.0.0
The skill bundle is a legitimate utility designed to collect weekly report information through an interactive AI dialogue and send it as a formatted HTML email via SMTP. It uses the standard 'nodemailer' library and stores user-provided credentials locally in a .env file. While the code uses 'child_process.execSync' in main.js to calculate ISO week numbers via a Python snippet, the input is derived from system time and is not user-controlled, posing no RCE risk. The instructions in SKILL.md are focused on ensuring a structured user experience and do not contain malicious prompt injections or attempts to exfiltrate sensitive data.
能力评估
Purpose & Capability
The skill's name/description match the code: it collects report content, generates HTML and sends via SMTP. However the package expects a Node runtime and the 'nodemailer' dependency (present in package.json/package-lock) and also invokes python3 (via child_process.execSync in main.js) to compute ISO week number. The registry metadata declared no required binaries or env vars, which is inconsistent with the actual code that reads/writes .env and config.json and requires node/python runtime and nodemailer.
Instruction Scope
SKILL.md restricts behavior (one question at a time, require explicit confirmation before sending) and documents writing a temporary markdown under memory/ and storing SMTP creds in a local .env. Those instructions are within the skill's purpose. Caveats: SKILL.md tells the agent to run 'nodejs main.js' and to cd to an absolute workspace path (/home/node/.openclaw/...), which may not exist in all environments; it promises temporary file deletion but I did not find a guaranteed delete routine in the provided code excerpts (the generator and tester create files but deletion flow isn't visible).
Install Mechanism
There is no install spec even though package.json and package-lock.json list a dependency (nodemailer). The skill will require Node and its dependencies to run; additionally the code uses python3 via a shell exec. The absence of declared runtime/install requirements (node, npm/yarn, python3) is an incoherence and may cause runtime failures or hidden attempts to exec arbitrary binaries.
Credentials
The skill requires SMTP credentials (SMTP_HOST, SMTP_PORT, SMTP_USER, SMTP_PASS, SMTP_FROM) and stores them in a .env file in the skill directory. Those credentials are proportionate to sending email. However the registry metadata claimed 'required env vars: none' and 'required config paths: none' while the code reads/writes .env and config.json in its own directory — this mismatch should be corrected and noted. Storing credentials on disk under the skill directory is practical but increases persistence risk if the host or skill files are shared or backed up.
Persistence & Privilege
always:false (good). The skill writes persistent files in its own directory (.env and config.json) and temporary files under memory/. This is normal for a mailer skill but means user SMTP credentials will be persisted on disk by design. The skill does not request elevated platform privileges or modify other skills' configs, but the persisted secrets should be treated carefully.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install xl-weekly-report-email - 安装完成后,直接呼叫该 Skill 的名称或使用
/xl-weekly-report-email触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
初始版本:通用周报收集和邮件推送技能
v1.8.3
修复 tags 显示
v1.8.2
修复 tags 格式错误
v1.8.1
Bug 修复:修复日期计算错误,周五/周六/周日时周数不减1,周四/周四之前减1;修复截止日期和时间范围计算逻辑
v1.8.0
安全修复:移除 sections 数组导出,防止误用示例内容;添加参数验证和调试日志
v1.7.0
邮箱配置改为自动引导用户填写,不再依赖外部技能;敏感信息统一存储在 .env(已排除发布);统一版本管理
v1.6.1
修复:排除 config.json 敏感文件
v1.6.0
优化内容解析逻辑和格式提示
v1.5.0
优化内容解析逻辑,增加更多状态样式,支持组合状态拆分,未按格式写时直接展示不报错,修复内容丢失问题
元数据
常见问题
Weekly Report Email 是什么?
通用周报收集和邮件推送技能,支持交互式填写周报内容,自动计算周数和日期范围,生成美观的HTML格式邮件。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 146 次。
如何安装 Weekly Report Email?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install xl-weekly-report-email」即可一键安装,无需额外配置。
Weekly Report Email 是免费的吗?
是的,Weekly Report Email 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Weekly Report Email 支持哪些平台?
Weekly Report Email 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Weekly Report Email?
由 zq62191161-ai(@zq62191161-ai)开发并维护,当前版本 v1.0.0。
推荐 Skills