首页龙虾技能列表 › Weekly Report Flow Yjf — 技能工具

Weekly Report Flow Yjf — 技能工具

v1.0.2

Generate and submit weekly reports from Aliyun DevOps workitems via EMOP API. Use when asked to run the weekly report flow, backfill missing weeks, or explai...

0· 66·0 当前·0 累计
by @yaojiangfeng·MIT-0
下载技能包
License
MIT-0
最后更新
2026/3/24
安全扫描
VirusTotal
无害
查看报告
OpenClaw
可疑
medium confidence
The skill's runtime instructions match its stated purpose (pull DevOps items and POST to EMOP) but there are inconsistencies and gaps — notably undeclared required tokens, hard-coded local paths, and a vague 'use browser session' fallback — that warrant caution before use.
评估建议
This skill appears to do what it claims (pull from Aliyun DevOps and POST summaries to EMOP), but packaging and instructions are inconsistent in ways that increase risk. Before installing or running it: - Ask the author to correct the manifest to list required environment variables (DEVOPS_TOKEN, EMOP_TOKEN) and to declare a primary credential. The manifest should match SKILL.md. - Clarify the 'use browser session' fallback. Do not allow any automated agent action that reads browser cookies, l...
详细分析 ▾
用途与能力
The described capability (generate weekly reports from Aliyun DevOps and submit to EMOP) aligns with the API endpoints and payloads in SKILL.md and references. However the package metadata declared no required environment variables while the SKILL.md explicitly requires DEVOPS_TOKEN and EMOP_TOKEN — this mismatch reduces trust in the packaging and documentation.
指令范围
Instructions tell the agent to use DevOps API and POST to EMOP (expected), but also say to 'Use browser session if direct API returns 403' without specifying how. That fallback could push an agent to access browser cookies/sessions or other local state. The references file lists absolute local script paths and an output markdown path under C:\Users\Administrator\.openclaw\workspace, suggesting the skill expects or references local artifacts; the SKILL.md simultaneously says 'never write to disk' for tokens — these contradictions are concerning.
安装机制
This is instruction-only with no install spec and no code files, so there is no installer risk. Nothing will be written to disk by an install step in this package itself.
凭证需求
The runtime needs two sensitive secrets (DEVOPS_TOKEN and EMOP_TOKEN) which are reasonable for the stated purpose, but the skill metadata did not declare required env vars or a primary credential. That omission is an inconsistency that could lead to accidental credential leakage or misuse. Also the instructions' ambiguous browser-session fallback raises the risk that other local credentials or cookies could be accessed if not properly constrained.
持久化与权限
always:false and no install/persistence mechanism are present. The skill does not request permanent presence or elevated platform privileges in the manifest.
安全有层次,运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发,无需署名。

运行时依赖

无特殊依赖

版本

latestv1.0.22026/3/24

No functional or documentation changes in this version. - No file changes detected between versions 1.0.0 and 1.0.1. - SKILL.md content remains exactly the same.

● 无害

安装命令 点击复制

官方npx clawhub@latest install weekly-report-flow-yjf
镜像加速npx clawhub@latest install weekly-report-flow-yjf --registry https://cn.clawhub-mirror.com

技能文档

When to use

  • User asks to generate/submit weekly reports.
  • User asks to backfill missing weeks.
  • User asks to automate the DevOps→summary→EMOP flow.

Required inputs

  • DEVOPS_TOKEN in environment (never write to disk)
  • EMOP token in environment (never write to disk)
  • Assignee default: 姚江峰
  • Types: 需求/任务/缺陷

Workflow

1) Pull DevOps workitems - Use browser session if direct API returns 403. - Endpoint: /projex/api/workitem/workitem/list?_input_charset=utf-8 - Header: x-yunxiao-token: $DEVOPS_TOKEN - Page size 200, iterate all pages. - Filter in client by assignee/nickName and type.

2) Classify - Include current sprint workitems. - Include last-week created items not in current sprint. - Last week: Mon 00:00 → Sun 23:59 (Asia/Shanghai).

3) Summarize - 200–300 Chinese characters, department-formal, not流水账. - Output Markdown and also HTML ordered list

    • ...
.

4) Submit to EMOP - POST https://emop.oureman.com/api/weekly/report - Headers: token: $EMOP_TOKEN, Content-Type: application/json; charset=utf-8 - Body fields: - date: single day (last Friday, yyyy-MM-dd) - reportDate: ISO UTC yyyy-MM-ddTHH:mm:ss.000Z - content:

    • ...
- Ensure UTF-8 bytes to avoid乱码.

Backfill mode

  • For each missing week (by Friday date), pull DevOps items for that week and generate summary.
  • Submit one report per week.

References

  • See references/urls.md for project URLs and IDs.
  • See references/cli.md for local script entrypoints.
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制

免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制

了解定制服务