arxiv-cv-daily

v1.0.0

Fetch arXiv papers for a target date in cs.CV, screen them against a user topic, save logs under a user-chosen output directory, download matched PDFs, and s...

by Yonghui Wang (@harrytea)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description match the included code and instructions: the bundled script queries the arXiv API, screens titles/abstracts against a topic library, downloads PDFs and writes artifacts under a user-chosen output directory. There are no unrelated credentials, unusual network endpoints, or unrelated libraries requested.
Instruction Scope
The SKILL.md explicitly instructs the agent to create files (topic spec, logs, saved PDFs, extracted_text/*.txt) under a user-selected output root (default /tmp) and to read extracted full text files before summarizing. That is coherent with the stated purpose but means the skill will write to arbitrary locations the user permits; the instructions also require running the included script (not only conversational steps). The runtime will access the network (arXiv API) and local filesystem; the SKILL.md forbids using another skill but otherwise gives broad discretion about output root selection, so users should avoid pointing it at sensitive directories.
Install Mechanism
No install spec is provided (instruction-only). The skill includes runnable Python scripts bundled with the skill — nothing is downloaded from external/untrusted URLs during install. This is low installation risk, but the bundled script will be executed at runtime.
Credentials
The skill requests no environment variables, no credentials, and no config paths. Network access to arXiv (export.arxiv.org) is required and appropriate for the stated functionality. There are no extraneous secret or credential requests.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent platform privileges. It does write artifacts into a chosen output directory (default /tmp) under the user's control, which is normal behavior for a downloader/processor.
Assessment
This skill appears internally consistent with its description: it queries the public arXiv API, downloads PDFs, extracts/reads text, and writes logs and artifacts to a user-specified output directory. Before installing or running it: 1) choose a safe output directory (avoid system or home directories you care about) because the tool writes PDFs, extracted text, and logs; 2) review the bundled script locally if you can — it imports subprocess, so check whether it calls system tools (e.g., pdftotext) that might be executed; 3) be aware it requires outbound network access to export.arxiv.org to fetch data and PDFs; 4) run the skill in an isolated environment/container if you want to be extra cautious. If you want higher assurance, ask the publisher for the full script (untruncated) or run a quick grep for subprocess calls to confirm which external binaries (if any) are invoked.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e43bj08p8ttcy44yvv7bcg983gea2
