ClawHub

quantum-daily-tracker

v1.0.0

量子科技论文追踪与速览生成。用于每日追踪量子计算、量子网络、量子纠错等领域最新论文,生成中文笔记和每日速览。触发场景:(1) 定时任务执行量子论文追踪 (2) 用户请求更新论文 (3) 补充遗漏的论文

0· 333·0 current·0 all-time
byQingquan Yao@qingquanyao
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (daily quantum paper tracking and Chinese notes) align with the instructions: RSS feeds are listed, selection and note-generation steps are described, and local storage paths are provided. Nothing requested or referenced is disproportionate to that purpose.
Instruction Scope
SKILL.md instructs the agent to read/write local files (memory/last-run.txt and quantum-tracker/Papers/*) and fetch public RSS feeds — all expected for a tracker. The instructions are somewhat high-level/ambiguous about how to choose "important" papers, how to implement the Dashboard, and how to perform parsing/formatting; that gives the agent broad implementation discretion but is not intrinsically incoherent. Users should verify where the Dashboard is stored and whether it posts data externally.
Install Mechanism
No install spec and no code files are present (instruction-only). This is low-risk: nothing is written to disk by an installer and no external packages are fetched by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. The runtime instructions only reference local files under the skill's own workspace and public RSS URLs, which is proportionate to its stated function.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent platform-level privileges or modify other skills' configs. It reads/writes files in a local project path (quantum-tracker/) and updates memory/last-run.txt — this is normal persistence for a scheduled tracker.
Scan Findings in Context
[STATIC_SCAN_NO_MATCHES] expected: The skill is instruction-only (SKILL.md) with no code files, so the regex-based scanner had nothing to analyze. This absence of findings is expected and does not imply the runtime instructions are safe by themselves.
Assessment
This skill appears to do what it says, but before installing: (1) confirm where the Dashboard will be stored and that the agent is allowed to write to quantum-tracker/ and memory/last-run.txt; (2) review how the agent decides "important" papers (vague selection logic could broaden what it fetches); (3) be aware it will fetch public RSS feeds (network access) — if you need confinement, run in a sandbox or restrict network permissions; (4) do a manual test run and inspect generated notes and Dashboard outputs to ensure no unexpected external posting or sensitive-data access occurs.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f4wq1a4d03ceav1p0ntj5js8215wt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments