paper claw
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: paperclaw
Version: 1.0.0
The Paper Claw skill is a legitimate tool for fetching and summarizing research papers from arXiv. The code in 'example.py' and 'SKILL.md' is clearly aligned with the stated purpose, using standard Python practices like 'subprocess.run' (with list arguments to prevent shell injection) and JSON-based configuration management. While the skill requires sensitive environment variables (SMTP and LLM API keys) and has the capability to modify its own configuration files, these behaviors are necessary for its core functionality and lack any evidence of malicious intent or obfuscation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the main paper-fetching action may execute code that was not included in this review, potentially using your email or LLM credentials.
The helper executes a Python script located under a parent-derived path, but scripts/main.py is not included in the provided manifest. Invoking the fetch function could therefore run unreviewed or unintended code outside the supplied artifact.
    SKILL_ROOT = Path(__file__).resolve().parents[1]
    cmd = ["python", str(SKILL_ROOT / "scripts" / "main.py")]
    result = subprocess.run(cmd, capture_output=True, text=True, cwd=SKILL_ROOT)
Only run this after confirming the exact scripts/main.py source is included, reviewed, and located inside the intended skill directory.
The visible package may not be enough to know what code will actually run or what scheduled job would do.
The documentation references runtime scripts, workflow files, and config files that are not present in the supplied file manifest, and there is no install spec explaining how those files are obtained.
    python scripts/main.py
    Already configured in `.github/workflows/daily_digest.yml`
    See `config/arxiv_categories.json`
Require a complete packaged artifact or a pinned, reviewable install source before installing or scheduling the skill.
Applying presets or configuring recipients could modify files outside the expected skill folder.
In the provided top-level layout, the code derives its working root from the parent of the skill file and writes configuration there. This is broader than a clearly scoped write under the supplied skill directory.
    SKILL_ROOT = Path(__file__).resolve().parents[1]
    config_path = SKILL_ROOT / "config" / "recipients.json"
    config_path.write_text(json.dumps(config, indent=2, ensure_ascii=False), encoding="utf-8")
Change file writes to a clearly contained skill-owned directory and show the user the target path before modifying configuration.
The skill can send email through the configured SMTP account and may call external AI providers if keys are supplied.
The skill needs SMTP credentials for email delivery and optionally LLM provider keys for summaries. This is purpose-aligned and disclosed, with no direct evidence of credential leakage in the supplied files.
    requires":{"bins":["python3"],"env":["SMTP_HOST","SMTP_PORT","SMTP_USER","SMTP_PASS"],"optional_env":["MOONSHOT_API_KEY","OPENAI_API_KEY","ANTHROPIC_API_KEY","GOOGLE_API_KEY","DEEPSEEK_API_KEY"]}
Use dedicated, least-privilege credentials where possible and review the complete runtime code before providing real keys.
If scheduled, the skill may repeatedly fetch papers and send digests without a fresh manual prompt each day.
The skill documents persistent deduplication state and optional scheduled daily execution. This is disclosed and aligned with a daily digest, but users should recognize that enabling it creates recurring autonomous activity.
    🔄 **State Persistence** — Auto-deduplication
    ### Schedule Daily Runs
    0 1 * * * cd /path/to/paper_claw && python scripts/main.py
Enable scheduling only after reviewing the full runtime and confirming recipients, credentials, and output paths.
