ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Arxiv Research Secure

v1.0.0

Secure ArXiv paper search and download tool with local caching, AI summarization, research logging, and no shell command execution.

0· 83·0 current·0 all-time
byhoussam-eddine@houssameddinemaatallah

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for houssameddinemaatallah/arxiv-research-secure.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Arxiv Research Secure" (houssameddinemaatallah/arxiv-research-secure) from ClawHub.
Skill page: https://clawhub.ai/houssameddinemaatallah/arxiv-research-secure
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install arxiv-research-secure

ClawHub CLI

Package manager switcher

npx clawhub@latest install arxiv-research-secure
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
SKILL.md advertises a full CLI (arxiv-secure), LLM-based summarization, and multiple helper modules (paper_summarizer.py, research_logger.py, pdf_downloader.py, references/, assets/) but the package only contains SKILL.md and a single scripts/arxiv_client.py. There is no install or CLI entrypoint, and no declared environment variables or credentials for any LLM provider despite claiming 'AI summarization'. These mismatches mean required capabilities are not provided or not justified by requested configuration.
!
Instruction Scope
The instructions focus on search, download, summarization and local logging (consistent with purpose), but the implementation has gaps: fetch_paper_pdf writes files using an unsanitized paper_id (cleaning only removes the 'arXiv:' prefix), which can lead to path-traversal-style writes (e.g., '../../escape.pdf'). The validate_query sanitization applies only to search queries, not to paper IDs or other user-supplied identifiers. SKILL.md also instructs CLI usage with shell redirection (e.g., '> weekly_report.md'), but there's no provided CLI binary or install steps.
Install Mechanism
No install spec is provided (instruction-only), which minimizes installer risk. However, the skill claims a CLI and additional modules that are not present; that absence is an integrity/usability concern rather than an install risk.
!
Credentials
The skill advertises LLM-based summarization yet declares no required environment variables or primary credential (no OPENAI_/OTHER_API_KEY). That is inconsistent: summarization normally requires an external LLM API key or a bundled model. It also reads OPENCLAW_WORKSPACE if set (not declared) and writes into the workspace. Network access is limited to arxiv hosts in code, which is proportionate, but the missing LLM credential declaration is suspicious.
Persistence & Privilege
always:false and default autonomy settings are normal. The skill writes only to a workspace-local cache and research log (no evidence it alters other skills or system-wide agent config). The persistence level is appropriate for a local caching tool.
What to consider before installing
This skill is inconsistent: it claims a CLI and LLM summarization but only ships one Python file and no declared API keys or install steps. Before installing or running it, ask the author for: (1) the missing modules and a real CLI entrypoint or an installation method; (2) which LLM provider is used and which environment variables are required (and why none are declared); (3) a fix for file-write sanitization (ensure paper IDs cannot cause path traversal and that saved files stay inside the cache dir). If you must evaluate code locally, run it in a sandboxed environment with limited filesystem permissions and no sensitive credentials, and review any additional files the author provides.

Like a lobster shell, security has layers — review code before you run it.

latestvk974zdvbqv0gcd6crd5zz3svy983ydhr
83downloads
0stars
1versions
Updated 3w ago
v1.0.0
MIT-0
houssam-eddine@houssameddinemaatallah
latest
Download

ArXiv Research Assistant Secure

name: arxiv-research-secure
description: Advanced ArXiv paper search with local caching, smart summarization, and research tracking. Secure alternative with no shell execution.

ArXiv Research Assistant Secure

Overview

Advanced research tool for ArXiv papers:

  • Smart search — Multi-keyword, author, category filtering
  • Local caching — Avoid repeated API calls, offline reading
  • AI summarization — Automatic abstract extraction with LLM
  • Research tracking — Log papers to structured markdown
  • PDF download — Local storage with metadata
  • Zero shell — Pure Python, no curl/wget/exec

Security Model

Network Isolation

# Only HTTPS to export.arxiv.org
ALLOWED_HOSTS = ["export.arxiv.org", "arxiv.org"]
TIMEOUT_SECONDS = 30
MAX_RETRIES = 3

Input Validation

def validate_query(query: str) -> str:
    # Block injection attempts
    FORBIDDEN = [";", "|", "&", "$", "`", "\"", "'", "<", ">", "..", "//"]
    for char in FORBIDDEN:
        if char in query:
            raise ValueError(f"Invalid character in query: {char}")
    return query[:200]  # Max 200 chars

Local Storage Only

CACHE_DIR = WORKSPACE / ".arxiv_cache"
PAPERS_DIR = CACHE_DIR / "papers"
METADATA_DIR = CACHE_DIR / "metadata"

# No external network after download
# All operations on local files

Capabilities

1. Search Papers

arxiv-secure search "transformer energy consumption" --max=10 --sort=relevance
arxiv-secure search "author:LeCun" --category=cs.LG
arxiv-secure search "LLM reasoning" --date-from=2024-01-01

2. Download & Cache

arxiv-secure fetch 2501.12345           # Download by ID
arxiv-secure fetch --search="query" --auto-download  # Download all results

3. Smart Summary

arxiv-secure summarize 2501.12345       # AI summary of paper
arxiv-secure summarize --file=paper.pdf # Summarize local PDF

4. Research Log

arxiv-secure log 2501.12345             # Add to research log
arxiv-secure log --search="query" --auto-log
arxiv-secure list-log                   # Show research history
arxiv-secure export-log --format=md     # Export for reports

5. Manage Cache

arxiv-secure cache-list                 # List cached papers
arxiv-secure cache-clear --older-than=30d
arxiv-secure cache-stats                # Disk usage

6. Batch Operations

arxiv-secure batch --search="volatility modeling" --max=20 --download --summarize --log

Workflow Examples

Daily Research Digest

# Morning: Check new papers on your topics
arxiv-secure search "quantitative finance volatility" --date-from=yesterday --max=5 --summarize

# Log interesting ones
arxiv-secure log 2501.12345
arxiv-secure log 2501.12346

# Export weekly report
arxiv-secure export-log --format=md --since=last-week > weekly_report.md

Deep Research Session

# Search broadly
arxiv-secure search "transformer energy efficiency" --max=50

# Download all
arxiv-secure batch --search="transformer energy efficiency" --max=20 --download

# Summarize batch
arxiv-secure batch --ids=2501.12345,2501.12346,2501.12347 --summarize

# Log to research tracker
arxiv-secure batch --ids=2501.12345,2501.12346 --log

Output Formats

Console Table

ID          Title                          Authors        Date     Category
2501.12345  Energy-Efficient LLMs          Smith et al.   2025-01  cs.LG
2501.12346  Transformer Optimization         Chen et al.    2025-01  cs.CL

Markdown Log

## [2025-01-15] Research: Energy-Efficient LLMs
- **Paper**: Energy-Efficient Transformers for Edge Devices
- **Authors**: Smith, J., Chen, L., Kumar, R.
- **arXiv**: 2501.12345
- **Category**: cs.LG (Computation and Language)
- **Summary**: Proposes a novel pruning technique...
- **Relevance**: High - directly applicable to RTE volatility prediction models
- **Downloaded**: ✅ paper_2501.12345.pdf

JSON Export

{
  "query": "transformer energy",
  "date": "2025-01-15",
  "papers": [
    {"id": "2501.12345", "title": "...", "summary": "...", "relevance": 0.85}
  ]
}

Resources

scripts/

  • arxiv_client.py — Secure API client with caching
  • paper_summarizer.py — LLM-based summarization
  • research_logger.py — Structured logging to markdown
  • pdf_downloader.py — Safe PDF download and storage

references/

  • arxiv_api_reference.md — API documentation
  • research_templates.md — Log templates and formats

assets/

  • paper_template.md — Default paper log template

Comments

Loading comments...