ClawHub

Emerging Topic Scout

v0.1.0

Monitor bioRxiv/medRxiv preprints and academic discussions to identify emerging research hotspots before they appear in mainstream journals

0· 92·0 current·0 all-time
byAIpoch@aipoch-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the code and SKILL.md: the package fetches RSS/API feeds (arXiv, bioRxiv, medRxiv where possible), extracts text, runs NLP/topic-detection, and stores history. No unrelated credentials, binaries, or system accesses are requested.
Instruction Scope
Runtime instructions are narrowly scoped to fetching feeds, running analysis, and emitting reports. The SKILL.md and code deliberately note Cloudflare protection for bioRxiv/medRxiv and recommend arXiv. One behavioral note: the code uses browser-like headers to avoid simple bot detection; this is understandable for scraping RSS but is a boundary behavior you should be aware of. The SKILL.md references a --notify flag but does not document the notification endpoint or mechanism in the excerpt — review the implementation before enabling notifications.
Install Mechanism
No install spec in the registry; SKILL.md instructs pip installing the included requirements files. All dependencies are typical Python packages available on PyPI. There are no downloads from untrusted URLs or archive extraction steps.
Credentials
The skill declares no required environment variables or credentials. The code performs network requests to public RSS/APIs and writes a local history.json inside the skill workspace — this is proportionate to its purpose. There is no request for unrelated secrets.
Persistence & Privilege
The skill does not request always:true and does not modify system-wide agent configs. It writes/reads history.json within its own data directory (expected for a local history/cache) and otherwise runs on demand.
Assessment
This skill is internally consistent with its stated purpose, but before installing: (1) inspect the remainder of scripts/main.py (especially the notification code triggered by --notify) to confirm it doesn't post data to unexpected external endpoints or expect credentials; (2) run pip install inside a virtualenv or container; (3) be aware that the script uses browser-like headers to avoid simple bot-blocking (it will not bypass Cloudflare JS challenges); (4) confirm that writing history.json in the skill workspace is acceptable for your environment and that no sensitive files will be read; and (5) if you plan to enable continuous or automated runs, ensure rate-limiting and robots.txt compliance to avoid abuse of target services.

Like a lobster shell, security has layers — review code before you run it.

latestvk97epajd2a6mzk4m2brtsjdcr58380ar

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments