arxiv_deep_reader
v1.0.3利用python,指定某个arxiv_id/url, 基于 LLM Agent 对这篇arxiv论文进行分类与深度阅读,直接print打印阅读笔记
⭐ 2· 828·22 current·22 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill's code and SKILL.md match the description: it fetches arXiv papers, parses LaTeX, and calls an LLM to produce notes. However, the registry metadata lists only 'uv' as a required binary while the implementation clearly needs a Python runtime (it runs main.py and uses pip). Also the code reads ARXIV_* configuration values from .env (ARXIV_CATEGORIES, ARXIV_MAX_RESULTS, FETCH_LOOKBACK_DAYS) which are not listed in requires.env — these are non-secret config values but represent a small metadata mismatch.
Instruction Scope
SKILL.md instructs creating a .env and running commands via the 'uv' wrapper; runtime instructions are limited to fetching/arXiv parsing and LLM calls. The code reads only project files (skills/, prompts/, .env) and fetches content from arXiv and the configured LLM endpoint; it does not access system-wide secrets or unrelated files. It will send paper text (including parsed LaTeX) to the LLM provider — expected for this functionality.
Install Mechanism
There is no formal install spec in the registry (instruction-only install), but the repository includes requirements.txt and the SKILL.md tells users to run 'uv pip install -r requirements.txt'. That means dependencies will be installed from PyPI (moderate risk compared to no install spec). Also the requirements include an unversioned 'arxiv-to-prompt' entry — you may wish to inspect that package on PyPI before installing.
Credentials
The declared required env vars (LLM_API_KEY, LLM_BASE_URL, LLM_TEMPERATURE, LLM_MAX_TOKENS) are proportional to an LLM-based reader; LLM_API_KEY is the primary credential as expected. Two small notes: (1) config.py also reads ARXIV_* and FETCH_LOOKBACK_DAYS from .env but these are not listed in requires.env (they are not secrets but are configuration values). (2) The skill will transmit full paper text (and parsed LaTeX) to the configured LLM endpoint — if you use a third-party LLM service, you are sending content to that service and should be comfortable with that data flow.
Persistence & Privilege
The skill does not request permanent 'always' inclusion and does not change other skills or system-level settings. It runs as a normal user-level Python program and does not request elevated privileges.
Assessment
This skill appears coherent and implements the advertised functionality, but review the following before installing:
- Secrets and data flow: you must provide LLM_API_KEY and LLM_BASE_URL — the tool will send full paper text (including LaTeX) to that LLM provider. Only use an API/key you trust and do not supply keys for services you do not want to see this data.
- Binary requirement mismatch: registry lists 'uv' as required, but the code requires a Python runtime (and pip). Ensure you have a suitable Python interpreter and understand what the 'uv' wrapper is in your environment.
- Dependencies: installation uses requirements.txt (pip). Inspect requirements.txt and the 'arxiv-to-prompt' package on PyPI before installing to confirm they are legitimate and to decide whether to pin versions.
- .env file: the repository includes a .env template with ARXIV_* defaults and a default LLM_BASE_URL. Double-check and override these values as needed; do not accidentally commit your API key into version control.
If you are comfortable with the LLM provider and the Python/pip install process, the skill is reasonable to run. If you want extra assurance, review the requirements and the upstream PyPI packages before installation.Like a lobster shell, security has layers — review code before you run it.
latestvk97f98q796y3ypdphhgxr0c5rx812bya
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Binsuv
EnvLLM_API_KEY, LLM_BASE_URL, LLM_TEMPERATURE, LLM_MAX_TOKENS
Primary envLLM_API_KEY