ClawHub

Arxiv Paper Reader

v1.0.3

Search arXiv by keyword, filter by submitted date range, fetch arXiv papers from an arXiv ID or URL, convert papers into Markdown and PDF files in the worksp...

0· 97·1 current·1 all-time
by@elio040208
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (search/fetch/convert arXiv papers) matches the code and declared requirements. The scripts only require a Python interpreter and interact with arXiv endpoints (export.arxiv.org and arxiv.org). No unrelated binaries, credentials, or config paths are requested.
Instruction Scope
SKILL.md instructs the agent to run the included Python scripts, read/write files under workspace directories (artifacts/, topics.json, runs/), and to only accept raw arXiv IDs or arXiv HTTPS URLs. The instructions emphasize safety (pass args as single CLI args, strict TLS) and tell the agent to read the generated search_results.md/json and produced paper files. There is no instruction to read unrelated system files or environment variables.
Install Mechanism
No install spec — instruction-only with bundled scripts. This is low-risk from an installer perspective because nothing is downloaded or installed automatically. The only runtime requirement is a local Python interpreter.
Credentials
No environment variables, credentials, or config paths are required. The scripts write outputs to workspace subdirectories (artifacts/arxiv* and a configurable root-dir) which is appropriate for the described functionality.
Persistence & Privilege
always is false and the skill does not request persistent platform privileges. It does create and update files under user-specified or default workspace directories (artifacts, runs, sync_state.json). That file I/O is expected for an archiving/syncing tool.
Assessment
This skill appears coherent and limited to arXiv interactions, but exercise normal caution: 1) run it in a controlled workspace (it will create artifacts/ and monitor topic folders), 2) inspect the bundled scripts yourself before running (they will execute arbitrary Python locally), 3) ensure your environment has a proper CA bundle (the code enforces TLS and references certifi), and 4) don't point it at non-arXiv URLs — the code enforces allowed hosts but follow the SKILL.md rule to only pass raw arXiv IDs or arXiv HTTPS URLs. If you need higher assurance, run the scripts in an isolated environment (container/VM) and review the remaining truncated code paths before granting broad autonomous invocation.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e0egzgmmbxfdrasgjtx99k983qa5t

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

OSWindows · Linux · macOS
Any binpython, python3

Comments