v1.0.0

Research Paper Portal

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:04 AM.

Analysis

The skill mostly matches its paper-portal purpose, but one script sends externally sourced paper text through a shell command, which could allow unintended local command execution.

Guidance: Review and fix the shell-based LLM invocation before running this skill, especially before enabling cron. If you proceed, run it with limited permissions, configure only trusted APIs and ComfyUI/LLM endpoints, and verify what content will be published to the website.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution
Severity: High, Confidence: High, Status: Concern
scripts/update-papers.py
prompt = f"""...英文标题:{paper['title']}\n摘要:{paper['excerpt'][:500]}..."""
...
subprocess.run(f'{llm_command} "{prompt}"', shell=True, ...)

Paper titles and abstracts are fetched from external APIs, then interpolated into a shell command. Shell expansion can execute command substitutions or injected syntax contained in that text.

User impact: A malicious or malformed paper title/abstract could cause local commands to run when the update script executes, especially if scheduled by cron.
Recommendation: Do not run or schedule this script until the LLM invocation is changed to avoid shell=True, pass arguments as a list or via stdin, and restrict the LLM command to a trusted allowlist.
Rogue Agents
Severity: Low, Confidence: High, Status: Note
SKILL.md
openclaw cron add --name "论文更新" --schedule "0 5 * * *" --script "update-papers.py"
openclaw cron add --name "网站发布" --schedule "0 8 * * *" --script "daily-publish.py"

The skill explicitly instructs the user to create recurring scheduled tasks that collect and publish content every day.

User impact: Once enabled, the portal may keep updating public website content without further manual action.
Recommendation: Run cron jobs under a least-privileged user, log their output, review the pending queue before publication if needed, and remove the scheduled tasks when no longer wanted.
Agentic Supply Chain Vulnerabilities
Severity: Low, Confidence: High, Status: Note
metadata
No install spec — this is an instruction-only skill. Required env vars: none.

The package still includes runnable Python scripts and documentation for environment/service configuration, so dependency and setup requirements are under-declared in registry metadata.

User impact: Users may need to manually inspect scripts and install packages such as HTTP and image-processing libraries before running the workflow.
Recommendation: Document required Python version, packages, optional environment variables, and service endpoints before installation or scheduling.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Info, Confidence: High, Status: Note
SKILL.md
Large language model (LLM) resources - Recommended: Gemini CLI (free) or Claude API ... Image-generation model resources - Recommended: ComfyUI + Flux2

The workflow depends on external or separately hosted provider services for translation/title generation and image generation.

User impact: Research keywords, paper titles/abstracts, and image prompts may be sent to configured provider tools or servers as part of normal operation.
Recommendation: Use trusted LLM and ComfyUI endpoints, understand their logging/privacy behavior, and avoid sending private research material unless the provider is acceptable.