ClawHub

Paper Report Delivery

v1.0.0

Build, automate, or maintain a daily paper-report delivery pipeline that collects papers, selects A/B groups, generates Chinese summaries and detailed innova...

0· 178·0 current·0 all-time
by@fanwu-fan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (paper report -> generate HTML, Telegram messages, archive, retry/fallback) match the included scripts and README. The use of the OpenClaw CLI for sending messages is consistent with a delivery-oriented skill.
Instruction Scope
SKILL.md stays on-task (read workflow.md, build artifacts, deliver to Telegram, archive). The bundled scripts operate on local repo paths (data/, output/, assets/) and do not reach out to unexpected external endpoints. The delivery scripts call the OpenClaw 'message send' CLI via a retry wrapper, which is expected for sending to Telegram.
Install Mechanism
No install spec is provided (instruction-only with bundled scripts). No downloads from arbitrary URLs or archive extraction are present. The only external dependency is the OpenClaw CLI and Python runtime with Pillow for image handling, which are normal for this kind of skill.
Credentials
The skill does not declare or require secrets. It does read common env vars (TELEGRAM_TARGET, HTML_RETRY_WINDOW_SECONDS, etc.) and relies on the OpenClaw channel configuration for credentials, which is proportional to a Telegram delivery skill. There are no unrelated credentials or config paths requested.
Persistence & Privilege
always:false and the skill does not modify other skills or system-wide agent settings. It leaves local artifacts cached/archived per its stated behavior (which is expected for reliability and auditing).
Assessment
This skill appears coherent with its purpose, but review a few practical points before installing or running it: - Configure TELEGRAM_TARGET (and remove the placeholder) and ensure your OpenClaw 'channels.telegram' is correctly set up; the send script uses the platform's configured credentials to send messages. - There are no hard-coded credentials in the bundle, but verify there are no hard-coded chat IDs or targets before publishing/using. - The scripts call the OpenClaw CLI (openclaw message send). Running them will use whatever messaging credentials the OpenClaw config provides — run tests in a controlled environment to avoid accidental posting. - Ensure Python (and Pillow) is available in your environment since build_readable_html.py uses PIL for image conversion. - The skill intentionally persists local artifacts (output/, archives) for reliability; if those outputs might include sensitive data, clean or secure the output directory. - If you want stricter isolation, run the pipeline in a sandboxed container or CI job that has only the minimal OpenClaw credentials/targets needed. Overall, the package is internally consistent and on-purpose; the usual operational caution about message-sending credentials and output data applies.

Like a lobster shell, security has layers — review code before you run it.

latestvk9748nya9bnw180c5q2s9r1pmd831bad

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments