ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Paper Recommendation

v1.0.1

Automates discovery, parallel review, scoring, and briefing generation of AI research papers from arXiv, supporting daily updates and PDF analysis.

6· 3k·7 current·8 all-time
by@sjf-ecnu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill's files and SKILL.md describe paper discovery, PDF extraction, spawning sub-agents, and delivering briefings — that matches the name. However the package metadata declares no required binaries or credentials while the scripts clearly call external CLIs (curl, pdftotext, clawdbot) and expect a local path layout (/home/ubuntu, ~/jarvis-research). The omission of required binaries in metadata is an inconsistency: installing this skill will require tools not declared.
!
Instruction Scope
Runtime instructions and scripts perform web requests to arXiv, download PDFs, extract text, spawn parallel sub-agents (via 'clawdbot sessions spawn') with full paper context, and send briefings to a hardcoded Telegram ID. These actions are within the high-level purpose but include steps that can transmit paper content and metadata to sub-agents or an external messaging endpoint — the SKILL.md also shows adding a cron job that will automate this. The presence of a hardcoded TELEGRAM_ID and an unused local GATEWAY_URL (127.0.0.1:18789) are notable and should be validated.
Install Mechanism
There is no install spec (instruction-only + included scripts). That is low-risk from an automatic installer perspective because nothing is fetched or executed at install time by the registry. However the delivered code will rely on system binaries (curl, pdftotext, clawdbot) when run.
!
Credentials
No environment variables or credentials are declared (primary credential: none), which is appropriate for a paper-fetching skill — but scripts hardcode a TELEGRAM_ID and default directories under /home/ubuntu and ~/jarvis-research. The skill will call 'clawdbot' CLI commands to spawn sessions and send messages; if clawdbot is configured with credentials or gateway tokens on the host, those will be used implicitly. The scripts do not request unrelated cloud credentials, but the hardcoded delivery target and implicit use of host 'clawdbot' credentials represent a privacy/exfiltration risk and a mismatch with the declared 'requires' metadata.
Persistence & Privilege
always:false (good). The SKILL.md and scripts provide explicit cron add examples that, if applied, create a persistent daily job that downloads PDFs and sends briefings to a Telegram account. The skill does not itself set system-wide configuration or modify other skills, but the provided automation instructions would create ongoing behavior if the user runs them. Autonomous spawning of sub-agents (the platform default) amplifies the impact of any data sent to those sub-agents.
What to consider before installing
What to check before installing or running this skill: - Metadata vs code: the registry metadata declares no required binaries, but the scripts call external tools (curl, pdftotext, clawdbot). Ensure those CLIs exist and understand their configuration on your host. - Hardcoded delivery target: daily_workflow.py contains a hardcoded TELEGRAM_ID (8077045709) and SKILL.md shows a cron example that will send briefings to that ID. Replace or remove this ID before enabling automation — otherwise you will send data to someone else's Telegram account. - Cron/automation: the skill provides instructions to add a daily cron job. Do not add the cron job until you review and trust the message destination and behavior; test the workflow manually first. - Sub-agents and data exposure: tasks passed to 'clawdbot sessions spawn' include paper content and may cause those contents to be processed by other agents/models. If your environment sends data to external LLM providers, this may leak paper text or internal notes. Inspect the exact 'task' payloads and verify where sub-agent processing occurs. - Local gateway URL: daily_workflow.py defines GATEWAY_URL = http://127.0.0.1:18789/api/message but does not use it; confirm there is no leftover code or hidden endpoints you don't expect. - Run in a sandbox: if you want to evaluate safely, run the scripts in a controlled environment (non-production VM or container) and point PAPERS_DIR to a directory you control. - Review and adapt: update paths, change/remove hardcoded TELEGRAM_ID, and audit how 'clawdbot' is configured on your machine (what credentials or gateways it uses) before enabling automated runs. In summary: the skill appears to implement its stated purpose, but metadata omissions, hardcoded recipient, and implicit use of host-level clawdbot credentials create privacy/exfiltration risks — treat as suspicious until you verify and sanitize configuration.

Like a lobster shell, security has layers — review code before you run it.

latestvk97115qd2b5je8awh8jhw7jg1h805586

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments