ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

speech-paper-daily

v1.0.0

语音领域每日论文速递。搜索最新语音大模型(Speech LLM、TTS、ASR、codec、speech generation)和语音前端(speech enhancement、noise suppression、beamforming、source separation、dereverberation)预印本论...

1· 72·0 current·0 all-time
by@jusperlee
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the actions in SKILL.md: the skill scrapes arXiv, reads papers, summarizes them, and writes a document to a specified Tencent Docs folder. No unrelated binaries, env vars, or installs are requested.
Instruction Scope
Instructions are focused on the stated task (fetch arXiv / read papers / extract links / produce expert summaries / write to Tencent Docs). They require using platform tools (web_fetch, read_arxiv_paper, search_arxiv, write, exec) and instruct writing temporary files under /tmp and executing a generated Python script which calls 'mcporter' to create the Tencent Docs entry. This is expected for the write-to-docs step, but it does mean the agent will create and execute code at runtime and invoke an external docs API — verify you trust the platform tools (mcporter/tencent-docs) that handle credentials.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is downloaded or installed by the skill itself.
Credentials
No environment variables, credentials, or config paths are declared. The instructions rely on the platform's existing tooling (mcporter) to access Tencent Docs; the absence of declared credentials is reasonable for an instruction-only skill, but you should confirm how your platform provides and scopes the docs integration credentials.
Persistence & Privilege
Skill is not always-enabled and does not request persistent system-wide changes. It writes only to temporary files under /tmp during operation and invokes platform tools to publish documents to a specific folder ID.
Assessment
This skill appears coherent for collecting and summarizing arXiv speech papers and posting them into a Tencent Docs folder. Before installing: (1) confirm you trust the platform tools (mcporter / tencent-docs) since the skill will invoke them to create documents in folder ID 'YUsookchBhki'; (2) understand the skill will write temporary files to /tmp and execute a generated Python script (ensure execution is permitted and safe in your environment); (3) if you don't want automatic writes to your real folder, change the folder ID to a test folder or run the skill in a sandbox first; (4) verify the platform's credentials for Tencent Docs are scoped minimally (only permission to write to the intended folder). If any of those are unacceptable, do not enable the skill or run it only in a reviewed/test mode.

Like a lobster shell, security has layers — review code before you run it.

latestvk9748dz0v0q2psrq0gh55cd0hh83fkqk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments