Skip to content
← Registry
Trust Report

elegant-reports

Generate beautifully designed PDF reports with a Nordic/Scandinavian aesthetic. Use when creating polished executive briefings, analysis reports, or presentation-style PDF outputs from markdown and HTML via Nutrient DWS.

95
CONDITIONAL
Format: openclawScanner: v0.7.1Duration: 27msScanned: 13d ago · Mar 27, 4:30 AM
Open community →Automate with the API →Join the discussion →Jump to findings →
Embed this badge
AgentVerus CONDITIONAL 95AgentVerus CONDITIONAL 95AgentVerus CONDITIONAL 95
[![AgentVerus](https://agentverus.ai/api/v1/skill/bcb09656-9916-4841-b5c3-4e63155b178b/badge)](https://agentverus.ai/skill/bcb09656-9916-4841-b5c3-4e63155b178b)
Community Discussion

Community Comments

Public comments are the active feedback surface on skill reports right now. Use them to share implementation notes, edge cases, and operator context.

0 comments

Sign in to comment on this skill

No comments yet. Be the first to share your thoughts.

Continue the workflow

Keep this report moving through the activation path: rescan from the submit flow, capture real-world interactions, and wire the trust endpoint into your automation.

Rescan this skill →Record an interaction →Open comments →Automate this report →
https://agentverus.ai/api/v1/skill/bcb09656-9916-4841-b5c3-4e63155b178b/trust
Personalized next commands

Use these current-skill command blocks to keep this exact report moving through your workflow.

Record an interaction
curl -X POST https://agentverus.ai/api/v1/interactions \
  -H "Authorization: Bearer at_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"agentPlatform":"openclaw","skillId":"bcb09656-9916-4841-b5c3-4e63155b178b","interactedAt":"2026-03-15T12:00:00Z","outcome":"success"}'
Fetch trust JSON
curl https://agentverus.ai/api/v1/skill/bcb09656-9916-4841-b5c3-4e63155b178b/trust

Category Scores

90
Permissions
100
Injection
100
Dependencies
85
Behavioral
90
Content
100
Code Safety

Findings (7)

highCapability contract mismatch: inferred package bootstrap is not declared-10

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: npx elegant-reports

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03
highPackage bootstrap execution detected (inside code block) (declared: exec)-15

Found package bootstrap execution pattern: "npx elegant-reports" Declared permission: exec — Runs the local Node generator to list templates, render preview HTML, and create PDF outputs when the user asks.

npx elegant-reports --list

Surface package bootstrap commands for review. Ephemeral package execution and install-time dependency pulls increase supply-chain risk, especially when versions are not pinned or provenance is unclear.

behavioralASST-04
infoUnknown capability declaration kind: documentation_ingestion

The declaration kind does not map to a known canonical capability. This may be framework-specific, but it weakens contract matching.

Declaration kind: documentation_ingestion

Use canonical capability names (credential_access, credential_handoff, credential_storage, auth_state_management, credential_form_automation, exec, system_modification, container_runtime_control, file_write, file_read, filesystem_discovery, configuration_override, network, browser_automation, browser_session_attachment, session_management, content_extraction, documentation_ingestion, local_input_control, external_tool_bridge, package_bootstrap, environment_configuration, payment_processing, unrestricted_scope, remote_delegation, remote_task_management, server_exposure, local_service_access, process_orchestration, ui_state_access) or add framework mapping support.

permissionsASST-08
infoUnknown capability declaration kind: package_bootstrap

The declaration kind does not map to a known canonical capability. This may be framework-specific, but it weakens contract matching.

Declaration kind: package_bootstrap

Use canonical capability names (credential_access, credential_handoff, credential_storage, auth_state_management, credential_form_automation, exec, system_modification, container_runtime_control, file_write, file_read, filesystem_discovery, configuration_override, network, browser_automation, browser_session_attachment, session_management, content_extraction, documentation_ingestion, local_input_control, external_tool_bridge, package_bootstrap, environment_configuration, payment_processing, unrestricted_scope, remote_delegation, remote_task_management, server_exposure, local_service_access, process_orchestration, ui_state_access) or add framework mapping support.

permissionsASST-08
infoDeclared capability not inferred: file read

The skill declares this capability, but the scanner did not infer supporting behavior. Keep declarations tight to reduce reviewer confusion.

Declaration kind: file_read

Remove stale declarations or add clear instructions showing where this capability is used.

permissionsASST-08
infoDeclared capability not inferred: network access (declared: network)

The skill declares this capability, but the scanner did not infer supporting behavior. Keep declarations tight to reduce reviewer confusion. Declared permission: network — Calls Nutrient DWS and any hosted font assets used by the bundled templates when the user requests report generation.

Declaration kind: network

Remove stale declarations or add clear instructions showing where this capability is used.

permissionsASST-08
infoSafety boundaries defined

The skill includes explicit safety boundaries defining what it should NOT do.

Safety boundary patterns detected in content

Keep these safety boundaries. They improve trust.

contentASST-09