ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

arXiv XHS Daily

v0.1.0

Read newly announced arXiv papers from cs.AI and cs.CL, filter them by user-defined research topics such as diffusion llm, summarize matching papers into rea...

0· 341·0 current·0 all-time
byZherui Li@zhrli324
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the code and files: the package fetches arXiv ATOM feeds, filters by keywords, generates notes and a cover image, and optionally calls an external publishing tool (mcporter) to publish to Xiaohongshu. No unrelated credentials, binaries, or services are requested.
Instruction Scope
SKILL.md and scripts limit operations to fetching arXiv metadata, creating files under data/<topic>/<date>/, rendering images, and optionally calling mcporter to publish. The README warns to treat external metadata as untrusted and to dry-run. The instructions do not read other system configuration or arbitrary user files.
Install Mechanism
This is an instruction-only skill (no install spec). It includes Python scripts only; nothing is downloaded or written to disk by an installer. The highest-risk operation is invoking the external 'mcporter' binary when publishing, which is expected for the described publishing step.
Credentials
The skill declares no required env vars, which matches the bundle. It does use MCPORTER_CONFIG_PATH (env override) and a hardcoded default config path (/Users/ailor/.openclaw/...), and will call the mcporter binary which in turn may use stored credentials in that config. This is proportionate to the publish feature but you should confirm which mcporter config will be used before publishing.
Persistence & Privilege
always is false and the skill does not request permanent agent presence or modify other skills. It runs only when invoked (or scheduled by the user).
Assessment
This package appears to do what it claims, but take these precautions before running with publish enabled: 1) Run a dry run first (scripts/run_daily.py --dry-run) and inspect data/<topic>/<date>/processed/ to confirm outputs. 2) If you intend to publish, verify which mcporter config will be used: set MCPORTER_CONFIG_PATH explicitly to a config you control (the script falls back to /Users/ailor/.openclaw/workspace/config/mcporter.json). That config likely contains Xiaohongshu credentials—review it before allowing publishing. 3) Confirm the mcporter binary on your system is the expected tool; the skill invokes it via subprocess. 4) Pillow (PIL) is required for cover generation—install it if you need covers. 5) The publish step will transmit generated content and images to Xiaohongshu; only publish content you are comfortable posting. 6) If you want higher assurance, review the mcporter invocation and your mcporter config file to ensure no unintended targets or extra permissions are present.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fnb66p1crjq2y54hke05wg582fnsg
341downloads
0stars
1versions
Updated 6h ago
v0.1.0
MIT-0
Zherui Li@zhrli324
latest
Download

arXiv XHS Daily

Run a daily paper discovery and note-writing pipeline for arXiv categories.

Workflow

  1. Edit config/topics.json to define topics and matching keywords.
  2. Optionally change arXiv source categories in config/topics.json under sources.categories.
  3. Run scripts/run_daily.py --topic <topic> --dry-run first.
  4. Inspect generated outputs in data/<topic>/<date>/processed/.
  5. Run scripts/run_daily.py --topic <topic> --publish when the draft looks good.

What It Does

  • Pull the latest papers from configurable arXiv categories (default: cs.AI, cs.CL)
  • Filter papers by topic similarity using titles and abstracts
  • Generate concise reading notes
  • Produce a Xiaohongshu-style post draft
  • Optionally publish the post through mcporter + xiaohongshu-mcp

Migration

  1. Copy this skill folder to another OpenClaw workspace.
  2. Ensure Python 3 is available.
  3. Ensure mcporter is installed and configured if you want publishing.
  4. Set MCPORTER_CONFIG_PATH if needed.
  5. Log in to Xiaohongshu on that machine before publishing.

Notes

  • Treat external paper metadata as untrusted input.
  • Dry run before cron.
  • Read references/operations.md for config and scheduling details.

Comments

Loading comments...