Academic Translator
v1.0.0Translate and analyze academic CS papers (EN↔ZH), summarize content, answer questions with paper text plus web research, and compare related works.
⭐ 0· 114·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (translate/analyze CS papers) align with included scripts: fetch_arxiv.py fetches metadata and PDFs from arXiv; extract_pdf.py extracts page text for translation. The SKILL.md workflow and capabilities are consistent with these files.
Instruction Scope
Instructions are narrowly scoped to ingesting PDFs/arXiv IDs, extracting text, translating, and doing web searches. Notable issues: SKILL.md hard-codes sourcing a venv at /home/kjp/.openclaw/workspace/.venv which is environment-specific and may fail on other hosts; it instructs storing state under /tmp/academic_papers/ which is expected but persistent only in /tmp. The skill also tells the agent to use web_search and spawn sub-agents (sessions_spawn) — allowed but increases runtime network activity and agent autonomy.
Install Mechanism
No install spec provided. The scripts rely on third-party Python packages (requests and PyMuPDF/fitz) but do not install them. This is an engineering omission (runtime failure risk) rather than a malicious install. Absence of an install step means nothing new is written by the skill bundle itself.
Credentials
No environment variables, credentials, or config paths are requested. The only file paths referenced are local (venv activation path and /tmp directories). Network access is used only to fetch arXiv metadata and PDFs (via arXiv endpoints), which is coherent with the purpose.
Persistence & Privilege
always is false and the skill does not request elevated privileges or to modify other skills. It stores temporary state under /tmp/academic_papers/ for multi-turn sessions, which is consistent with its functionality.
Scan Findings in Context
[no-findings] expected: Static pre-scan reported no injection signals. Network calls (requests to arXiv) are present in code and are expected for the skill's purpose.
Assessment
This skill appears to do what it claims: it downloads arXiv PDFs, extracts text, and guides translations and web research. Before installing, note: (1) it assumes Python packages (PyMuPDF/fitz and requests) but provides no installer — ensure those are installed in a trusted environment; (2) SKILL.md hard-codes a venv activation path (/home/kjp/...), which you should change to match your environment or omit; (3) it writes temporary files to /tmp and will perform outbound HTTP requests to arXiv and web searches when answering queries; (4) the skill can spawn sub-agents for long-running translation jobs, increasing autonomous activity. No secrets or unrelated credentials are requested. If you want extra caution, run it in an isolated environment (sandbox/container) and verify dependencies before use.Like a lobster shell, security has layers — review code before you run it.
latestvk9778427x3b1p25rhsz6x3hvrx833ns3
License
MIT-0
Free to use, modify, and redistribute. No attribution required.