首页龙虾技能列表 › Report Expert — 技能工具

Report Expert — 技能工具

v1.6.2

生成 HTML 报告页面并部署到 Cloudflare Pages 站点。涵盖设计系统、页面结构、索引管理、iframe 内嵌查看、自动部署全流程。触发词:写报告、发布报告、部署报告、生成报告页面、report publisher、报告专家、升级报告专家、更新报告技能、发布技能升级。

0· 124·0 当前·0 累计
by @tomtrije (顾雪阳)·MIT-0
下载技能包
License
MIT-0
最后更新
2026/4/15
安全扫描
VirusTotal
可疑
查看报告
OpenClaw
可疑
high confidence
The skill largely does what it says (generate and publish HTML reports) but its runtime instructions and code request undeclared credentials and tools and include an auto-update path that downloads and can overwrite local skill files — these mismatches and update behavior merit review before installing.
评估建议
This skill appears to implement report generation and Cloudflare Pages deployment as described, but there are several practical risks you should consider before installing or running it: - Missing declarations: The registry metadata lists no required env vars or binaries, but the skill needs configuration from ~/.openclaw/workspace/TOOLS.md, expects tools like 'openclaw' (for AI classification) and uses Cloudflare publishing (wrangler or API). Verify these tools and declare them if you will run...
详细分析 ▾
用途与能力
The skill's stated purpose (generate and deploy HTML reports to Cloudflare Pages) matches the included code (deploy.py, page generation, Cloudflare publish helpers). However the registry metadata lists no required env vars or binaries while the SKILL.md and code clearly expect environment configuration (CLOUDFLARE_API_TOKEN, REPORT_* settings via TOOLS.md) and external CLIs (e.g., openclaw ai, wrangler referenced in docs). The missing declarations are disproportionate to the stated metadata.
指令范围
SKILL.md instructs the agent/operator to run scripts that will modify manifest.json, increment versions, and run deploy.py to publish to Cloudflare; it also documents an upgrade flow that will download files based on manifest.repository and overwrite local skill files. Those update/download steps are powerful and can change the installed codebase at runtime. The instructions read/write files under the user's home workspace (TOOLS.md) and call external endpoints (manifest.repository and Cloudflare). This behavior is explained but broad and should be audited.
安装机制
There is no install spec (instruction-only in registry), but the package includes many code files. The code provides an upgrade mechanism that will fetch files from the manifest.repository URL and overwrite local files; that is effectively a runtime download/replace mechanism. The SKILL.md claims SHA256 checks are performed for CF Pages upgrades, but you should inspect upgrade.py and the publish helpers to confirm how downloads and verification are implemented.
凭证需求
The registry declares no required environment variables, yet SKILL.md and code rely on TOOLS.md config values and explicitly require CLOUDFLARE_API_TOKEN for publishing. The code also references other config keys (REPORT_CF_PROJECT, SKILL_CF_PROJECT, CF account fields). Additionally, index.py may invoke a local 'openclaw ai' CLI. Requiring a broad Cloudflare token (or pointing TOOLS.md to secrets) is reasonable for deployment but the credential requirements are not declared in metadata and should be limited to least privilege (Pages deploy/edit only) and audited.
持久化与权限
always:false and disable-model-invocation:false (normal). The skill includes a self-update path (upgrade.py) that can overwrite the skill files when invoked — this is documented and not inherently malicious, but it increases blast radius because a remote repository can change the code delivered to your agent. The SKILL.md warns about this and suggests SHA256 checks; verify those checks are actually implemented and that the upgrade source is trusted.
安全有层次,运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发,无需署名。

运行时依赖

无特殊依赖

版本

latestv1.6.22026/4/12

v1.6.2: 修复发布流程

● 可疑

安装命令 点击复制

官方npx clawhub@latest install report-expert
镜像加速npx clawhub@latest install report-expert --registry https://cn.clawhub-mirror.com

技能文档

将调研内容生成符合设计规范的 HTML 报告页面,支持两种内容类型:报告页面(同站部署)和外部页面(独立部署,iframe 内嵌查看)。

技能版本管理

所有远程地址均从 manifest.jsonrepository 字段动态获取,不硬编码任何绝对 URL

安装方式

技能支持两种安装渠道:

渠道安装命令特点
ClawHubclawhub install report-expert自动管理版本,安全扫描,推荐
CF Pages将 manifest.json 地址发送给 Agent包含 upgrade.py 自更新脚本

拉取升级(用户指令触发)

当用户说「升级报告专家」「更新报告技能」「检查技能更新」时,根据安装方式选择升级命令:

ClawHub 安装的技能: 

clawhub update report-expert

CF Pages 安装的技能:

安全提示: 升级会从 manifest.repository 指定的远端下载文件并覆盖本地技能文件(含 SHA256 校验)。请确认你信任该远端来源。
SKILL_DIR="<技能实际目录路径>"
python3 "${SKILL_DIR}/upgrade.py"
注意: upgrade.py 仅随 CF Pages 渠道分发,ClawHub 渠道通过 clawhub update 管理,不包含该文件。


发布升级(修改技能后触发)
当用户说「发布技能升级」「发布报告专家」「提交技能更新」时,执行发布流程。
安全提示: 发布会将技能文件部署到 Cloudflare Pages,需要 CLOUDFLARE_API_TOKEN。请确认 token 权限范围合理(仅需 Pages 编辑权限)。
bash SKILL_DIR="<技能实际目录路径>"

SKILL_DIR="$SKILL_DIR" python3 << 'PYEOF' import json, hashlib, os, sys from datetime import date

skill_dir = os.environ.get("SKILL_DIR", os.path.dirname(os.path.abspath(__file__))) manifest_path = os.path.join(skill_dir, "manifest.json")

with open(manifest_path, "r", encoding="utf-8") as f: manifest = json.load(f)

# 1. 版本递增 old_ver = manifest.get("version", "0.0.0") parts = old_ver.lstrip("v").split(".") parts[-1] = str(int(parts[-1]) + 1) new_ver = ".".join(parts) manifest["version"] = new_ver manifest["updated"] = date.today().isoformat()

# 2. 远程基础地址(从 repository 字段读取) repo = manifest.get("repository", "").rstrip("/")

# 3. 重算所有文件哈希 for root, dirs, fnames in os.walk(skill_dir): dirs[:] = [d for d in dirs if d not in (".git", "__pycache__")] for fname in fnames: fpath = os.path.join(root, fname) rel = os.path.relpath(fpath, skill_dir) if rel == "manifest.json": continue with open(fpath, "rb") as f: sha = hashlib.sha256(f.read()).hexdigest() sz = os.path.getsize(fpath) if rel not in manifest.get("files", {}): manifest.setdefault("files", {})[rel] = {} manifest["files"][rel]["sha256"] = sha manifest["files"][rel]["size"] = sz # url 保持相对路径 manifest["files"][rel]["url"] = rel

# 4. 清理已删除的文件 existing = set() for root, dirs, fnames in os.walk(skill_dir): dirs[:] = [d for d in dirs if d not in (".git", "__pycache__")] for fname in fnames: rel = os.path.relpath(os.path.join(root, fname), skill_dir) if rel != "manifest.json": existing.add(rel) for rel in list(manifest.get("files", {}).keys()): if rel not in existing: del manifest["files"][rel]

# 5. 写入 manifest with open(manifest_path, "w", encoding="utf-8") as f: json.dump(manifest, f, ensure_ascii=False, indent=2)

# 5.5. 同步版本号到技能介绍页面 index_html = os.path.join(skill_dir, "index.html") if os.path.exists(index_html): ih = open(index_html, "r", encoding="utf-8").read() # 替换版本号标记(匹配 v数字.数字.数字 格式) import re ih = re.sub(r'v\d+\.\d+\.\d+', f'v{new_ver}', ih, count=1) open(index_html, "w", encoding="utf-8").write(ih) print(f"📄 介绍页版本已同步: v{new_ver}")

print(f"✅ 版本: v{old_ver} → v{new_ver}") print(f"📦 文件: {len(manifest['files'])} 个") for rel, meta in manifest["files"].items(): print(f" {meta['sha256'][:12]}... {meta['size']:>6}B {rel}") PYEOF

# 6. 发布到预览环境(自动升级版本号 + 同步所有文件版本) SKILL_DIR="$SKILL_DIR" python3 "${SKILL_DIR}/deploy.py" publish

# 7. 验证预览内容(检查输出的预览地址) # - manifest.json 版本号正确 # - index.html 版本号正确 # - SKILL.md 版本号正确

# 8. 验证无误后,发布到生产环境 python3 "${SKILL_DIR}/deploy.py" publish-prod 



验证发布
发布后执行以下命令确认:
bash SKILL_DIR="<技能实际目录路径>" REPO=$(python3 -c "import json; print(json.load(open('${SKILL_DIR}/manifest.json'))['repository'])")

# 检查 manifest 可达 curl -sL "${REPO}/manifest.json" | python3 -c "import json,sys; m=json.load(sys.stdin); print(f'v{m[\"version\"]} — {len(m[\"files\"])} files')"

# 检查各文件可达 curl -sI "${REPO}/SKILL.md" | head -1 curl -sI "${REPO}/deploy.py" | head -1 



前置配置(使用者必须完成)
四组部署目标配置
在 TOOLS.md 中按需配置:
markdown

Report Expert 技能配置

部署模式: local

  • REPORT_DEPLOY_MODE=local
  • REPORT_LOCAL_DIR=/path/to/site # 本地站点根目录
  • REPORT_LOCAL_URL=https://example.com/claw # 站点访问地址
  • REPORT_SITE_NAME=传琪

# 远程报告部署(可选)

  • REPORT_CF_PROJECT=reports-site # 报告站 CF Pages 项目名

# 技能 CF 发布(可选)

  • SKILL_CF_PROJECT=report-expert-skill # 技能站 CF Pages 项目名

# 技能 ClawHub 发布(可选)

  • SKILL_CLAWHUB_SLUG=report-expert
  • SKILL_CLAWHUB_NAME=报告专家


共用凭据
  • CLOUDFLARE_API_TOKEN — 环境变量或 TOOLS.md,一个 token 管所有 CF 操作
    • 
  
- 建议使用最小权限 token(仅需 Cloudflare Pages 编辑权限)
  - 建议使用环境变量方式配置,不要提交到公共仓库
两种内容类型
1. 报告页面(同站部署)
完整的调研报告、教程等,部署在报告主站的子目录下。
流程:

  • 生成 HTML body 内容(只需