ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Awesome Paper Skill

v1.0.2

Research-topic literature scouting across multiple platforms (not only arXiv), paper categorization, publication-status labeling, Awesome-style GitHub README...

0· 216·0 current·0 all-time
byZHAO Youjun@youjunzhao

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for youjunzhao/awesome-paper-skill.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Awesome Paper Skill" (youjunzhao/awesome-paper-skill) from ClawHub.
Skill page: https://clawhub.ai/youjunzhao/awesome-paper-skill
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install awesome-paper-skill

ClawHub CLI

Package manager switcher

npx clawhub@latest install awesome-paper-skill
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The scripts implement exactly what the description promises: multi-source paper fetching, README generation, and publishing to a GitHub repo. However the skill metadata declares no required binaries or credentials even though publish_repo.py calls git and the GitHub CLI (gh) and fetch_papers.py makes outbound HTTP calls — these runtime requirements are expected for the stated purpose but are not declared in the manifest.
!
Instruction Scope
SKILL.md instructs the agent to fetch from arXiv/Crossref/Semantic Scholar and to create or update a GitHub repo. The instructions will cause network calls and will attempt to create/update repos using the environment's GitHub authentication (via gh/git). The doc also states to use defaults from the 'current workspace context' if owner/repo are omitted, which could cause the skill to act on an implicitly chosen account without explicit, per-run confirmation.
Install Mechanism
There is no install spec (instruction-only), which is low risk in general, but the included Python scripts will require python3 plus external binaries (git, gh) available at runtime. Because the manifest does not list these as required, an operator might run it expecting no extra tools and be surprised when arbitrary subprocesses are invoked.
!
Credentials
requires.env is empty, but publish_repo.py implicitly requires GitHub credentials/configured gh CLI or working git credentials to create/push repositories. The skill does not request or document GITHUB_TOKEN, GH auth, or any confirmation step. This is proportionate to the feature (pushing to GitHub) but the omission of explicit credential requirements and guidance is a packaging/information gap that increases risk if users are not aware.
Persistence & Privilege
The skill does not request always:true and does not modify system-wide configuration (it runs git config inside a temp directory). The main persistence/privilege impact is remote: creating/updating GitHub repos using whatever account the environment provides. That is expected for a publish workflow and is not an elevated system privilege on the host.
What to consider before installing
This skill appears to do what it says, but be careful before running it: 1) It will make network requests to arXiv/Crossref/Semantic Scholar and will attempt to create or update GitHub repositories using the environment's git/gh credentials — ensure you want a tool to modify your GitHub account. 2) The manifest does not declare runtime requirements: install python3, git, and the GitHub CLI (gh), and ensure gh is authenticated (or git has push permissions). 3) Always provide explicit repo_owner/repo_name rather than relying on workspace defaults, and run the publish step against a test repo first to confirm behavior. 4) Review the generated README file before allowing the skill to push. 5) If you need stronger guarantees, ask the author to update the skill metadata to declare required binaries and document credential usage (e.g., require GITHUB_TOKEN or instruct how gh auth will be used) so you can audit and consent to those privileges.

Like a lobster shell, security has layers — review code before you run it.

latestvk9725m3cak2rz4re35wr6g38758341x1
216downloads
0stars
3versions
Updated 1d ago
v1.0.2
MIT-0
ZHAO Youjun@youjunzhao
latest
Download

Awesome Paper Skill

Use this skill when user asks for a full pipeline:

  1. User gives a topic.
  2. Agent researches papers (multi-source, not arXiv-only).
  3. Agent builds/updates an Awesome-style README.md.
  4. Agent pushes changes to user GitHub repo.

Required Inputs

  • topic (required)
  • repo_owner (required)
  • repo_name (required)
  • visibility (optional, default: keep current repo visibility)
  • max_arxiv / max_crossref / max_semantic (optional)

If owner/repo are omitted, use defaults from current workspace context or ask once.

Pipeline

1) Fetch papers (multi-source)

python3 skills/awesome-paper-skill/scripts/fetch_papers.py \
  --topic "<topic>" \
  --max-arxiv 60 \
  --max-crossref 60 \
  --max-semantic 60 \
  --out /tmp/research_papers.json

Policy:

  • Merge arXiv + Crossref + Semantic Scholar.
  • Continue on partial source failures; report coverage gaps.
  • De-duplicate by title/doi.

2) Build Awesome README

python3 skills/awesome-paper-skill/scripts/build_awesome_readme.py \
  --topic "<topic>" \
  --input /tmp/research_papers.json \
  --output /tmp/README.md

Formatting rules (strict):

  • English-only.
  • One paper per bullet.
  • If venue known: show [Venue] line.
  • If venue unknown: do not print [Preprint] line.
  • Keep arXiv badge line.
  • Keep GitHub badge line only when valid repo exists.
  • Do not include Website placeholders/badges.
  • Date on its own line: (YYYY-MM-DD).

3) Publish/update GitHub repo

python3 skills/awesome-paper-skill/scripts/publish_repo.py \
  --owner "<repo_owner>" \
  --name "<repo_name>" \
  --readme /tmp/README.md \
  --visibility private

If repo exists: update README and push. If repo does not exist: create then push.

Quality Gates

Before final reply:

  • README renders.
  • Total papers count matches entries.
  • No Website placeholder links.
  • No fake Repo Not Found badges.
  • Repo push succeeded.

Deliverables to user

  • Brief summary (what changed)
  • GitHub commit/repo URL

Comments

Loading comments...