ClawHub

arXiv Downloader

v1.0.0

arXiv 论文 PDF/LaTeX 源码下载工具。支持通过 arXiv ID 或 URL 下载论文。 当用户提到下载 arXiv 论文、获取 PDF、下载 LaTeX 源码时使用。 触发条件:(1) 用户要求下载 arXiv 论文 (2) 提供 arXiv ID 或链接 (3) 需要 PDF 或源码

0· 43·0 current·0 all-time
by@ninganme
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included script and the SKILL.md. The code only builds arxiv.org URLs and downloads PDF or e-print TAR.GZ files from arxiv.org, which is consistent with the stated purpose.
Instruction Scope
Runtime instructions are limited to invoking the bundled Python script to fetch arXiv content. The script only performs HTTP GETs to arxiv.org and writes the response to disk. However, the script does not sanitize the derived filename: if the identifier cannot be parsed or a user supplies a custom --name containing path separators or an absolute path, the resulting output_path can point outside the intended output_dir (possible path traversal / overwrite of files).
Install Mechanism
No installation steps; this is instruction-only with a small included Python script that uses the standard library (urllib). No external downloads or package installs are performed.
Credentials
No environment variables, credentials, or unrelated config paths are requested. Network access to arxiv.org is necessary and is the only remote interaction performed.
Persistence & Privilege
Skill does not request always:true, does not modify other skills, and does not persist credentials or alter agent configuration. Agent autonomy settings are default.
Assessment
This skill is coherent for downloading arXiv PDFs and sources and does not ask for credentials. Before installing/running: (1) inspect the script yourself (it's small) to ensure it matches expectations; (2) run it in a restricted directory or sandbox to avoid accidental file overwrites—the script will write files and currently does not sanitize filenames (an attacker or malformed input could cause writing outside the intended output_dir if an absolute path or path separators are passed as the name/identifier); (3) avoid running as a privileged user; (4) if you plan to use it programmatically, consider hardening the script to sanitize/validate filenames (strip path components, forbid absolute paths, enforce expected id formats, and preserve version suffixes if desired).

Like a lobster shell, security has layers — review code before you run it.

arxivvk976mhgvxm06wcsky8ht0rxa51843vzqdownloadvk976mhgvxm06wcsky8ht0rxa51843vzqlatestvk976mhgvxm06wcsky8ht0rxa51843vzqpdfvk976mhgvxm06wcsky8ht0rxa51843vzqresearchvk976mhgvxm06wcsky8ht0rxa51843vzq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments