Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Arxiv Translate Email

v1.0.0

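Downloads a paper from arXiv, translates it into Chinese, and sends it to an email address. Use this skill when the user says "download and translate the paper", "translate this paper", or "download paper xxx and send it to my email". Supports both synchronous and asynchronous modes.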


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for ckqiao/arxiv-translate-email.

Install the skill "Arxiv Translate Email" (ckqiao/arxiv-translate-email) from ClawHub.
Skill page: https://clawhub.ai/ckqiao/arxiv-translate-email
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install arxiv-translate-email

ClawHub CLI


npx clawhub@latest install arxiv-translate-email

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)

[!] Purpose & Capability
The declared purpose (fetch arXiv, translate, email result) aligns with the provided send_email.py and SKILL.md examples. However, SKILL.md references many local scripts (/root/workspace/Remember/tasks/queue_manager.py, tasks/arxiv_worker.py, queue JSON) that are not included in the bundle, and it embeds service credentials (DeepSeek API key, QQ SMTP account) rather than declaring them as required environment variables. That mismatch (missing scripts + embedded external creds) is incoherent with a simple 'instruction-only' skill.
[!] Instruction Scope
The runtime instructions tell the agent to run long-running local commands, manage a cron-driven worker, use a local venv binary (pdf2zh_next), and notify via QQ; they also instruct use of proxy env vars. The instructions reference filesystem paths (/root/workspace, translated/, source/) and a QQ notification target. Some of these referenced files/scripts are missing from the package, and the instructions require contacting external services (DeepSeek API and an SMTP server) using hard-coded keys — scope and external endpoints are broader than what is declared.
Install Mechanism
No install spec (instruction-only) and only one small helper script included. No remote downloads or install steps that would write arbitrary code to disk are present in the bundle itself.
[!] Credentials
The SKILL.md and scripts contain hard-coded sensitive credentials: a DeepSeek API key and QQ SMTP username/password (also hard-coded into scripts/send_email.py). Yet the skill declares no required env vars or primary credential. Embedding third-party API keys and an SMTP account in code is disproportionate and risky: the SMTP account will relay files externally (potential data exposure), and the API key may be billed or audited by its owner. The skill does not ask you to supply your own credentials, which is suspicious.
Persistence & Privilege
always:false and no explicit install hooks — the skill does not demand elevated platform privileges. However SKILL.md instructs setting up cron jobs and a background worker; if the user or operator follows those instructions they will create periodic background activity on the host (not enforced by the bundle). That operational persistence is optional but should be considered.
What to consider before installing
Do not deploy this skill as-is. Specific concerns: (1) send_email.py includes hard-coded SMTP credentials and FROM address — these are likely not yours and will cause your translated documents to be sent through a third‑party mailbox (possible data exposure). (2) SKILL.md embeds a DeepSeek API key; using it may expose content to that service and could incur costs or logging. (3) The README references local scripts and paths that are missing from the package; running commands as shown may fail or perform unexpected work on /root. Recommended actions before using: remove or replace hard-coded secrets (put any API keys / SMTP creds in environment variables under your control), confirm ownership and intended use of the embedded credentials, inspect or obtain the missing queue_manager/worker scripts, run the translation pipeline in a controlled test directory, and only enable any cron/worker after auditing their code. If you cannot verify the owner of the embedded credentials or are uncomfortable sending document attachments via an external SMTP account, do not install or invoke this skill.

Like a lobster shell, security has layers — review code before you run it.

latest: vk9776rahm4fje2qm61wq0h4aps84pamd
66 downloads
0 stars
1 version
Updated 2w ago
v1.0.0
MIT-0

arxiv-translate-email

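Two working modes

⚡ Asynchronous queue mode (recommended; serial execution on the little Pi)

Translation tasks enter a queue, and a background cron job periodically triggers the worker to run them serially. Only one task runs at a time, to protect the little Pi.

Add a task:

python3 /root/workspace/Remember/tasks/queue_manager.py add <arxiv_url> <email> [paper_title]

View the queue:

python3 /root/workspace/Remember/tasks/queue_manager.py list
python3 /root/workspace/Remember/tasks/queue_manager.py pending  # show only the pending count

Clear completed tasks:

python3 /root/workspace/Remember/tasks/queue_manager.py clear

Cron configuration: checks the queue every 3 minutes and runs a task if one is present. On completion it proactively notifies via QQ (announce has been fixed; delivery target qqbot:c2c:F6C87A75D65679207F9A41EA424742C6).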


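🔧 Synchronous direct execution

Bypasses the queue and runs directly, returning only after completion. Blocks the main session; suitable for ad hoc one-off use.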


Environment configuration

  • pdf2zh_next: /root/workspace/pdf2zh2/.venv/bin/pdf2zh_next
  • Proxy: HTTPS_PROXY=http://127.0.0.1:7890 HTTP_PROXY=http://127.0.0.1:7890
  • DeepSeek API: sk-aea81697cdc34baa8a11727b52bbb513
  • Mail SMTP: QQ Mail smtp.qq.com:465, user 2794002698@qq.com, authorization code ydtmhlhcraqudhcc

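Core scripts

Script: purpose

  • tasks/queue_manager.py: add, remove, query and update queue entries
  • tasks/arxiv_worker.py: worker; runs download → translate → send email
  • tasks/arxiv_translate_queue.json: queue state file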

Translation command template (synchronous mode reference)

cd /root/workspace/pdf2zh2 && \
# Clean up old output
rm -f translated/{slug}.*.pdf && \
HTTPS_PROXY=http://127.0.0.1:7890 HTTP_PROXY=http://127.0.0.1:7890 \
nohup env PYTHONUNBUFFERED=1 \
setsid .venv/bin/python -u .venv/bin/pdf2zh_next \
  --deepseek \
  --deepseek-api-key "sk-aea81697cdc34baa8a11727b52bbb513" \
  --deepseek-model deepseek-chat \
  --lang-in en \
  --lang-out zh \
  --pool-max-workers 4 \
  --qps 4 \
  --no-auto-extract-glossary \
  --output ./translated \
  source/{slug}.pdf > translate.log 2>&1 &

Alternatively, refer to ~/.config/pdf2zh2/config.v3.toml.

Output file: translated/{slug}.zh.dual.pdf (flat directory, no subfolders)

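Key notes

  • doclayout parsing is slow: a 23-page paper takes about 5-8 minutes and is purely CPU-bound; do not mistake it for a hang
  • Checking for completion: the job is done when the process is gone and ls -lh translated/*.pdf shows a file
  • Sending email: the attachment path is translated/{slug}.zh.dual.pdf
  • Serial guarantee: a lock-file mechanism ensures only one task can be in the processing state at a time
  • QQ notification: after a task completes, the cron worker proactively pushes a notification via QQ (announce delivery has been fixed)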

Email sending script

scripts/send_email.py, usage:

python3 scripts/send_email.py <to_email> <subject> <body> <pdf_path> [attachment_name]
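
The scan on this page recommends replacing the hard-coded SMTP account with credentials supplied through environment variables under the operator's control. The following is an added example of that pattern, not the skill's own scripts/send_email.py; the variable names SMTP_HOST, SMTP_PORT, SMTP_USER and SMTP_PASSWORD and all function names are assumptions made for this sketch.

```python
import os
import smtplib
import ssl
from email.message import EmailMessage
from pathlib import Path

# Assumed variable names for this example; the skill itself declares none.
REQUIRED_ENV = ("SMTP_HOST", "SMTP_PORT", "SMTP_USER", "SMTP_PASSWORD")


def load_smtp_config(env=None):
    """Read SMTP settings from the environment and fail closed if any is unset."""
    env = os.environ if env is None else env
    missing = [name for name in REQUIRED_ENV if not env.get(name)]
    if missing:
        raise RuntimeError("missing SMTP settings: " + ", ".join(missing))
    return {
        "host": env["SMTP_HOST"],
        "port": int(env["SMTP_PORT"]),
        "user": env["SMTP_USER"],
        "password": env["SMTP_PASSWORD"],
    }


def build_message(sender, to_email, subject, body, pdf_path, attachment_name=None):
    """Build the mail with the translated PDF attached; rejects non-PDF paths."""
    path = Path(pdf_path)
    if path.suffix.lower() != ".pdf" or not path.is_file():
        raise ValueError(f"not a PDF file: {pdf_path}")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, to_email, subject
    msg.set_content(body)
    msg.add_attachment(path.read_bytes(), maintype="application",
                       subtype="pdf", filename=attachment_name or path.name)
    return msg


def send_pdf(to_email, subject, body, pdf_path, attachment_name=None):
    """Send over implicit TLS (as on port 465) with certificate verification."""
    cfg = load_smtp_config()
    msg = build_message(cfg["user"], to_email, subject, body, pdf_path, attachment_name)
    context = ssl.create_default_context()
    with smtplib.SMTP_SSL(cfg["host"], cfg["port"], context=context, timeout=30) as smtp:
        smtp.login(cfg["user"], cfg["password"])
        smtp.send_message(msg)
```

With this shape no secret lives in the skill bundle, and a missing variable stops the run before any document leaves the host.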

Full workflow example (synchronous)

  1. Search: curl "https://export.arxiv.org/api/query?search_query=ti:SearchR1&max_results=3"
  2. Download: curl -L "https://arxiv.org/pdf/2503.09516.pdf" -o source/search-r1.pdf
  3. Translate: follow the template above, with slug=search-r1
  4. Wait 5-10 minutes, then check the process and the output file
  5. Send the email: python3 scripts/send_email.py 1074741503@qq.com "Search-R1 中文翻译" "附件" translated/search-r1.zh.dual.pdf

Asynchronous queue example

# Add a task
python3 /root/workspace/Remember/tasks/queue_manager.py add "https://arxiv.org/abs/2503.09516" "1074741503@qq.com" "Search-R1"

# View the queue
python3 /root/workspace/Remember/tasks/queue_manager.py list

# cron triggers the worker (checks automatically every 3 minutes)
# or trigger it once manually:
openclaw session spawn --agent-id arxiv_worker  # internal use
