YTLong Daily Report
Author: 1989tianlong (GitHub) · v1.0.0
Total downloads: 376
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install ytlong-daily-report
Description
Automatically generate daily/weekly work reports from git commits, calendar events, and task lists. Use when you need to quickly create professional work rep...
Security usage recommendations
The skill claims it aggregates git, calendar, and tasks, but the code only reads git commits — treat calendar/task features as unimplemented. Before installing or running: (1) review .reportrc.json and only include trusted local repo paths — untrusted paths can lead to shell injection because the code embeds repo strings into a shell command; (2) prefer to run the script in a non-sensitive directory and inspect the generated report file; (3) if you need calendar/task integration, request clarification or an updated version that implements and documents secure OAuth handling; (4) consider patching the code to avoid execSync string interpolation (use child_process.spawn with argument arrays or validate/sanitize repo paths) to eliminate command-injection risk.
Functional analysis
Type: OpenClaw Skill
Name: ytlong-daily-report
Version: 1.0.0
The skill contains a shell injection vulnerability in index.js within the getGitLogs function, where repository paths from the .reportrc.json configuration file are interpolated directly into a shell command via execSync. While the code appears to serve its stated purpose of generating git-based reports, the lack of input sanitization on the 'repo' variable allows for arbitrary command execution. Additionally, SKILL.md claims features like calendar and task integration that are entirely absent from the provided implementation.
Capability assessment
Purpose & Capability
SKILL.md and the description claim aggregation from git, calendar, and task managers (Google/Apple/Apple Reminders). The shipped index.js implements only git commit collection and report generation; there is no calendar or task integration code. This is a clear mismatch between claimed capabilities and actual implementation.
Instruction Scope
Runtime instructions tell the user to run node index.js and create .reportrc.json. The program reads .reportrc.json and executes shell commands via execSync: it constructs a command string containing the configured repo path and runs cd "<repo>" && git log ... via the shell. Because repo paths are interpolated into a shell string, a malicious or malformed repo entry in .reportrc.json can cause shell command injection. The script also writes report files to the current working directory (report-<since>.md).
Install Mechanism
No install spec is provided (instruction-only skill plus included Node files). package.json is present but there are no external dependencies and installation is standard npm install. Nothing is downloaded from unknown hosts during install.
Credentials
The skill declares no required environment variables or credentials, which matches the code. However SKILL.md mentions optional calendar access (Google/Apple) without specifying how credentials would be provided; since no calendar code exists, there is currently no handling of OAuth tokens or secrets — this inconsistency should be clarified before trusting calendar/task features.
Persistence & Privilege
The skill does not request persistent 'always' presence, does not modify other skills or global agent settings, and only writes a report file to the working directory. No elevated platform privileges are requested.
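How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install ytlong-daily-report
- Once installation completes, invoke the Skill by name or trigger it with /ytlong-daily-report
- Provide the required inputs according to the Skill's parameter description to get structured output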
Version history
v1.0.0
First release: auto-generate daily/weekly reports from git commits
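FAQ
What is YTLong Daily Report?
Automatically generate daily/weekly work reports from git commits, calendar events, and task lists. Use when you need to quickly create professional work rep... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 376 cumulative downloads to date.
How do I install YTLong Daily Report?
Run the command "/install ytlong-daily-report" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.
Is YTLong Daily Report free?
Yes, YTLong Daily Report is completely free (free and open source) and can be freely downloaded, installed, and used.
Which platforms does YTLong Daily Report support?
YTLong Daily Report is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed YTLong Daily Report?
It is developed and maintained by 1989tianlong (@1989tianlong); the current version is v1.0.0.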