📦 DoctorClaw
v1.0.0Weekly report generator — compile progress from tasks, emails, and calendar into one summary. Friday cron or on-demand.
5· 5·0 当前·0 累计
by 下载技能包
最后更新
2026/4/24
安全扫描
OpenClaw
可疑
medium confidenceThe skill's stated goal (compile weekly reports) matches its instructions, but the SKILL.md expects access to email, calendar, task systems, and delivery channels while declaring no credentials, env vars, or config paths — a mismatched and potentially risky gap that you should resolve before installing.
评估建议
This skill could do exactly what it promises, but it currently omits important details about what accounts and permissions it needs. Before installing or enabling it: (1) Ask the author to explicitly list required credentials and recommended OAuth scopes (e.g., Gmail read-only for a specific label, Google Calendar read-only, specific task-service tokens, Telegram bot token or Discord webhook) rather than relying on implicit agent access. (2) Prefer granting narrowly scoped, dedicated tokens (rea...详细分析 ▾
⚠ 用途与能力
The skill claims to pull data from tasks, emails, and calendars and to deliver reports via Telegram/Discord or files. However, the skill declares no required environment variables, credentials, or config paths. Access to Gmail/Google Calendar, Apple Calendar, Todoist/Asana/Notion/Trello, and messaging services normally requires credentials or API tokens — their absence in the metadata is an incoherence.
⚠ 指令范围
SKILL.md instructs the agent to scan emails (sent and received), read multiple possible task sources (including plain files or any source 'your agent can read'), pull calendar events, save archives to memory/weekly-reports/, and configure cron scheduling. These are sensitive actions (email and calendar scanning, reading arbitrary task sources, writing to an archive) and the instructions are vague about exact scopes, filters, and retention — giving the agent broad discretion to access data it can reach.
✓ 安装机制
No install spec and no code files — the skill is instruction-only, so nothing will be downloaded or written by an installer. This reduces supply-chain risk compared to skills that pull external binaries.
⚠ 凭证需求
The skill lists no required env vars or primary credential, yet expects access to email inboxes, calendars, task APIs, and messaging delivery channels that typically require tokens, OAuth, or API keys. That mismatch means either: (a) the skill relies on the agent's ambient permissions (dangerous/implicit), or (b) the author omitted declaring required credentials — both are problematic for least privilege and consent transparency.
ℹ 持久化与权限
always:false (normal). The skill asks to schedule a recurring cron and to save reports under memory/weekly-reports/, which implies write access to agent memory or task scheduler. That behavior is plausible for a reporting skill but should be explicit: the skill doesn't declare config paths it will modify and doesn't document how scheduled runs will be authorized or stopped.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/4/24
- Initial release of the doctorclaw-weekly-report skill. - Automatically compiles weekly progress reports from tasks, emails, and calendar events. - Summarizes wins, meetings, communications, blockers, and next week's priorities in a single report. - Supports scheduling via cron for weekly automation or on-demand generation. - Customizable inputs for task source, calendar, email, delivery method, and report format.
● 可疑
安装命令
点击复制官方npx clawhub@latest install doctorclaw-weekly-report
镜像加速npx clawhub@latest install doctorclaw-weekly-report --registry https://cn.longxiaskill.com