HF Daily Papers (OFR Edition)
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears to fetch public Hugging Face/arXiv paper listings and generate daily reports, with disclosed Telegram scheduling that should be configured carefully.
This looks reasonable for a public daily paper digest. Before enabling Telegram or cron delivery, verify the skill source, run it manually once, confirm the Telegram target, and make sure you know how to disable the scheduled job.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill will contact external paper services and may use the configured proxy.
The generator makes outbound requests to public paper sources to build the digest, which matches the stated purpose and does not show local sensitive data being sent.
"https://huggingface.co/papers" ... "https://huggingface.co/api/papers/{pid}" ... "http://export.arxiv.org/api/query"Use it only on networks/proxies you trust, and expect the generated report to contain external links and titles from those services.
If configured with the wrong target, the digest could be sent to an unintended Telegram user or channel.
The helper uses the local OpenClaw messaging identity to send the generated digest to a Telegram target supplied by environment variable.
TELEGRAM_TARGET="${TELEGRAM_TARGET:-}" ... "$OPENCLAW_BIN" message send --channel telegram --target "$TELEGRAM_TARGET" --message "$MSG" --silentSet TELEGRAM_TARGET deliberately, test with a private target first, and ensure the OpenClaw Telegram integration is the account/channel you intend to use.
Users have less provenance information and may need to inspect the included scripts rather than relying on registry metadata alone.
The registry metadata does not provide a verified source/homepage and does not declare the Telegram target variable used by the helper script, although the behavior is visible in the artifacts.
Source: unknown; Homepage: none; Required env vars: none
Verify the package origin and review the included scripts before enabling scheduled or Telegram-sending use.
If enabled, the skill may keep sending daily Telegram updates until the schedule is removed or disabled.
The skill documents a recurring daily Telegram push. This is disclosed and aligned with a daily-paper digest, but it is persistent behavior.
Cron 配置 ... 时间: 每天 08:00 上海时间 ... 推送: Telegram
Only enable the cron job if you want recurring delivery, and keep the listed job ID or schedule location available for later removal.