ClawHub

arXiv Daily Paper Pusher

v1.0.0

Fetches yesterday's arXiv papers, ranks by keyword relevance with weighted scoring, and pushes results to Feishu via webhook for multiple groups.

0· 39·0 current·0 all-time
by@ventaozzz
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: the code fetches arXiv (arxiv library or export.arxiv.org), ranks locally, and posts to a Feishu webhook supplied in config.yaml. No unrelated services or credentials are requested.
Instruction Scope
SKILL.md and the code limit actions to fetching arXiv data, scoring locally, and sending text payloads to the provided Feishu webhook. The runtime instructions and code do not read system secrets, other skills' configs, or send data to unexpected endpoints.
Install Mechanism
There is no automated download/install spec in the skill bundle; required Python packages are declared in requirements.txt and are typical for this task (arxiv, PyYAML, requests). No external arbitrary URL downloads or archive extraction are used.
Credentials
No environment variables or external credentials are requested. The Feishu webhook is provided in a local config file (config.yaml) which is appropriate for posting messages. The amount and kind of access requested are proportional to the stated functionality.
Persistence & Privilege
Skill is not forced-always and uses normal invocation. It does not modify other skills or system-wide settings. It will run scheduled jobs if the user configures a cron, which is expected for this use case.
Assessment
This skill appears to do exactly what it says: pull yesterday's arXiv papers, score them locally, and post text messages to a Feishu webhook you supply in config.yaml. Before installing or scheduling it, consider: (1) the Feishu webhook URL is effectively a secret that allows posting to that group — only use a webhook for a channel you control and rotate/revoke it if leaked; (2) the config file stores the webhook in plaintext on disk, so restrict file permissions where you run this; (3) the skill makes outbound HTTP requests to arXiv and Feishu, so run it in a network environment you trust; (4) pin dependency versions (requirements.txt is present) and review/keep dependencies updated; and (5) if you want stricter separation, run the script in a sandboxed account or container with limited privileges. Overall, nothing in the bundle is disproportionate or covert.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cv4x34908ka9zn8jgrswfn184vn46

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments