ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Paper Engineering Assistant

v1.0.1

基于“框架层-总结层-正文层”三层架构的自动化论文写作与文献管理助手。严格按照用户指定的目录(`workspace/毕业论文`)组织所有文件。

0· 451·2 current·2 all-time
by陈宽同学@mrchenkuan
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md describes a full-featured pipeline (PDF download/parse, literature search, automated summarization, full bidirectional synchronization). The shipped agent.py only implements directory creation, a simple project-structure reporter, and a placeholder summary-update routine; it does not perform network calls, PDF parsing, summarization, or file-watching. Also the top-level description (Chinese: organize under workspace/毕业论文) conflicts with SKILL.md/agent.py default './PaperProject/'. This mismatch between claimed capability and actual footprint is inconsistent.
!
Instruction Scope
Runtime instructions request filesystem read/write across a project tree and network access for literature search and downloads; they also state that body files may be overwritten and that synchronization must run after each modification. The code, however, provides no implementation for downloads, parsing, or an automatic synchronization/watch mechanism, so the instructions grant broad behaviors that are not constrained or implemented. Overwrite behavior is explicit in the docs and could be destructive if run in a real project directory.
Install Mechanism
No install spec is provided and no external packages are fetched; risk from install mechanism is low. The skill is instruction-plus-a-small-agent script; nothing is downloaded or extracted during install.
Credentials
The skill declares network access and filesystem read/write in its runtime instructions but requires no environment variables or credentials. That is plausible for generic literature searches, but the SKILL.md does not declare which external services/endpoints will be contacted or whether credentials (institutional access, library proxies) are needed. The lack of declared secrets is not an immediate red flag, but network access plus unspecified endpoints increases ambiguity.
Persistence & Privilege
The skill is not marked 'always: true' and does not request special system-wide privileges. It exposes async functions (initialize_project, sync_on_body_change) that a gateway could call, but that is consistent with normal skill operation. Autonomous invocation is allowed by default (platform default) — combine that with network/filesystem access if you want to limit risk.
What to consider before installing
This skill's documentation promises substantial automation (download PDFs, parse text, summarize, and automatic bidirectional sync) but the provided code is a small, mostly placeholder script that only creates directories, lists project structure, and contains a stub for updating summaries. Before installing or using it: 1) Back up any real thesis/work directories — the skill explicitly overwrites body files. 2) Ask the author for the missing implementations: what libraries/tools will be used for PDF parsing, what network endpoints will be contacted, and how synchronization is triggered (file watcher, webhooks, or manual). 3) If you need network access disabled, run the skill in an isolated/test folder or restrict its network privileges. 4) Prefer to run the included agent.py in a sandbox to confirm behavior and to obtain a complete implementation (download/parsing/sync code) before giving it access to important files. If the author cannot justify where downloads will come from or cannot provide the actual parsing/sync code, treat the skill as incomplete and avoid using it on important data.

Like a lobster shell, security has layers — review code before you run it.

latestvk972kpvhcmpq6v7mwr5g2az5v1820365
451downloads
0stars
2versions
Updated 7h ago
v1.0.1
MIT-0
陈宽同学@mrchenkuan
latest
Download

Paper Engineering Assistant

1. Skill Description

This skill automates a structured academic writing workflow based on a three-layer architecture: Framework Layer, Summary Layer, and Body Layer. It maintains data consistency across all layers through automatic synchronization mechanisms. The skill operates within a user-designated project directory (default: ./PaperProject/).

2. When to Use

Use this skill when the user needs systematic assistance with academic writing, especially for long-form documents like theses or dissertations.

  • User says: "Start working on my thesis."
  • User says: "Read and structure all literature in the references folder."
  • User says: "Generate a preliminary framework based on my research proposal."
  • User says: "I've modified Section 2.1, please sync the framework and summaries."
  • User says: "Find and download recent literature about 'performance management'."

3. Core Concepts & Workflow

This skill strictly follows the three-layer architecture:

A. Core Three-Layer Structure

  1. Framework Layer (structs.json): The blueprint/map of the entire paper. A JSON array describing the hierarchical structure of chapters, sections, and paragraphs with IDs, titles, abstracts, keywords, and key points.
  2. Summary Layer (summaries.json): The content database. Provides detailed summaries for each framework node and records related node IDs for content traceability.
  3. Body Layer (./document_body/ directory): The actual written content. A directory and Markdown file collection that exactly mirrors the framework layer structure, with each file corresponding to a writing unit.

B. Workflow Stages

Stage 1: Literature Review & Processing

  1. Initialization: Create necessary subdirectories in the project directory (e.g., ./document_body/, ./processed_references/).
  2. Process References:
    • Iterate through each reference in the references directory.
    • Create a dedicated folder for each reference (named after the reference) and initialize an information.md file with metadata (title, author, abstract, keywords, download link).
    • If the reference file (e.g., PDF) is available, parse it using the same three-layer architecture, generating corresponding structs.json, summaries.json, and body files stored within that reference's folder. This creates a "knowledge base" for each reference.
    • If the original text cannot be downloaded, only save the information.md.
  3. Read Other Materials: Review non-reference materials like research proposals, institutional guidelines, etc., to understand requirements and existing foundations.

Stage 2: Document Writing

  1. Generate Framework Layer: Create the initial structs.json based on the research topic, proposal, and processed references. If an exemplary reference paper exists, its structure can be emulated.
  2. Generate Summary Layer: Write detailed summaries for each framework node, forming summaries.json.
  3. Write Body Layer: Based on the framework structure and summary content, write detailed content for each part in the ./document_body/ directory, following the format Chapter_X/Section_X.X_Title.md. If a section becomes too long, split it into multiple files (e.g., Section_X.X_Title_trunc_1.md).

Stage 3: Assembly & Synchronization

  1. Assemble Final Document: Run a concatenation script that reads all Markdown files in ./document_body/ and merges them in the order defined by the framework layer into a complete thesis_final.md file. This is a programmatic process, not reliant on AI.
  2. Critical: Synchronization Mechanism:
    • Top-down Modification: When the user or AI modifies the Framework Layer (structs.json) or Summary Layer (summaries.json), the corresponding Body Layer files must be rewritten or updated.
    • Bottom-up Modification: When the user or AI modifies a Body Layer file, extract its core information to update the corresponding Summary Layer entry and Framework Layer abstract.
    • This synchronization is crucial for maintaining logical consistency and preventing fragmentation, and must be executed after each modification.

4. How to Use (Operating Steps)

When the user triggers the skill, I will work according to the following logic:

  1. Confirm Working Directory: I will first establish the project root directory. If not specified, I will use the default ./PaperProject/ in the current working directory. All generated files will be placed within this directory or its subdirectories.
  2. Execute the Requested Task:
    • If the request is "start" or "process references": a. Check the directory structure and list all items in the references folder. b. Execute the "Literature Review & Processing" workflow for each item. c. Generate a literature_review_report.md summarizing key findings and interconnections.
    • If the request is "generate framework": a. Comprehensively analyze the research proposal, core insights from processed references, and institutional guidelines. b. Generate or update structs.json (Framework Layer) in the project root.
    • If the request is "write body": a. Read structs.json and summaries.json. b. Create corresponding folders and files in the ./document_body/ directory and begin writing content. Existing files in this directory may be overwritten. c. While writing each section, query summaries.json and the associated reference knowledge bases.
    • If the request is "sync modification": a. The user indicates which file was modified (e.g., ./document_body/Chapter_3/3.1_Current_Analysis.md). b. I first read the modified file content, extract a new abstract and key points. c. Update the section_summary for the corresponding section_id in summaries.json. d. Update the abstract and key_points for the corresponding section_id in structs.json.
    • If the request is "find literature": a. Perform a network search based on the user-provided keywords. b. Attempt to download PDFs to the references directory. c. Create a folder and information.md for each, regardless of download success. If downloaded successfully, proceed with structured parsing.
  3. Output & Confirmation: After each operation, I will clearly state which files were generated, their paths, and briefly describe their content.

5. Edge Cases

  • Directory Doesn't Exist: If the project directory doesn't exist, I will ask the user if they want to create it.
  • References Folder Empty: If the references folder is empty, I will notify the user and ask if they want to proceed directly to framework design or start a network search for literature.
  • Research Proposal Missing: If no research proposal is found, I will generate a very basic initial framework based on the paper title and general academic structure, noting that it will require significant revision.
  • Sync Conflict: If major, irreconcilable discrepancies are detected between the Framework, Summary, and Body layers for the same section, I will list the conflicts and pause automatic synchronization, requesting manual user judgment and instruction.

Comments

Loading comments...