← Back to Skills Marketplace
wanng-ide

Arxiv Skill Learning

by WANGJUNJIE · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
1348
Downloads
2
Stars
11
Active Installs
1
Versions
Install in OpenClaw
/install arxiv-skill-learning
Description
Orchestrates the continuous learning of new skills from arXiv papers. Use this to trigger a learning cycle, which fetches papers, extracts code/skills, and s...
README (SKILL.md)

ArXiv Skill Learning

Usage

const learner = require('./index');
const result = await learner.main();

Workflow

  1. Patrol: Checks arXiv for relevant new papers (Agent, LLM, Tool Use).
  2. Extract: Uses arxiv-skill-extractor to generate skill code.
  3. Test: Runs generated tests.
  4. Solidify: Commits the new skill to the workspace.

Configuration

  • Target Categories: cs.AI, cs.CL, cs.LG, cs.SE
  • Schedule: Hourly
Usage Guidance
This skill's stated purpose matches what the code mostly does, but there are two issues to consider before installing: (1) SKILL.md promises a 'commit'/'solidify' step and scheduled runs that the code does not implement — expect the skill to only extract, smoke-test, and record metadata unless additional code exists elsewhere. (2) The extractor supplies a smokeTestCommand which this skill executes via child_process.exec in the workspace root. If the extractor or paper_client modules (required from relative paths) are untrusted or can be influenced by external inputs, that command execution could run arbitrary shell commands with the agent's workspace permissions. Recommendations: only install if you audit or control the local modules ../arxiv-paper-reviews/paper_client and ../arxiv-skill-extractor; run the skill in an isolated sandbox or CI runner with limited filesystem/network permissions; add validation/whitelisting of smokeTestCommand (or run tests in a container); and reconcile the SKILL.md vs actual behavior (committing and scheduling) so you understand what will happen. If you cannot verify the extractor and paper_client code, treat this skill as risky and avoid granting it access to sensitive workspaces.
Capability Analysis
Type: OpenClaw Skill Name: arxiv-skill-learning Version: 1.0.0 The `arxiv-skill-learning` skill is classified as suspicious due to a critical shell injection vulnerability in `index.js`. The skill executes a `smokeTestCommand` generated by the `arxiv-skill-extractor` skill using `child_process.exec` without apparent input sanitization. This allows for arbitrary command execution on the host system if the `arxiv-skill-extractor` skill is compromised or intentionally malicious, as the command is run from the `WORKSPACE_ROOT` with broad access, enabling potential RCE.
Capability Assessment
Purpose & Capability
The name/description align with the code: it finds papers, calls a paper_client and an extractor, runs a smoke test, and records learned papers. However, SKILL.md claims a 'Solidify: Commits the new skill to the workspace' step and an hourly schedule; the index.js implementation does not perform any commit, publishing, or scheduling. That is a clear mismatch between documentation and implementation.
Instruction Scope
index.js requires local modules (paper_client and arxiv-skill-extractor) and will execute a smokeTestCommand returned by the extractor using child_process.exec with cwd set to the workspace root. Running extractor-provided shell commands in the agent's workspace is high-risk if extractor or its outputs are untrusted. The code also writes a learned_papers.json into the workspace memory path — reading/writing workspace state is expected for an orchestrator but combined with arbitrary command execution increases blast radius.
Install Mechanism
There is no install spec (instruction-only plus a local index.js). Nothing is downloaded from the network by the skill itself. That lowers supply-chain risk, but the code does spawn shell commands, which is an execution-time risk rather than an install-time risk.
Credentials
The skill requests no environment variables or external credentials — that is proportional and good. However, it executes commands inside WORKSPACE_ROOT and reads/writes memory/evolution/learned_papers.json. Because smokeTestCommand originates from the extractor, lack of credential demands doesn't eliminate the potential for the extractor to run arbitrary actions with the agent's filesystem privileges.
Persistence & Privilege
always:false (no forced always-on). The skill persists learned paper metadata to the workspace (memory/evolution/learned_papers.json) which is within expected scope. Autonomous invocation is allowed (platform default); combined with the ability to run extractor-supplied commands this raises the importance of trusting the extractor and paper_client modules.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install arxiv-skill-learning
  3. After installation, invoke the skill by name or use /arxiv-skill-learning
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of arxiv-skill-learning: - Automates continuous learning of new skills from arXiv papers. - Fetches new papers in categories cs.AI, cs.CL, cs.LG, cs.SE. - Extracts implementable code/skills using arxiv-skill-extractor. - Runs tests and commits validated skills automatically. - Designed for hourly operation.
Metadata
Slug arxiv-skill-learning
Version 1.0.0
License
All-time Installs 11
Active Installs 11
Total Versions 1
Frequently Asked Questions

What is Arxiv Skill Learning?

Orchestrates the continuous learning of new skills from arXiv papers. Use this to trigger a learning cycle, which fetches papers, extracts code/skills, and s... It is an AI Agent Skill for Claude Code / OpenClaw, with 1348 downloads so far.

How do I install Arxiv Skill Learning?

Run "/install arxiv-skill-learning" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Arxiv Skill Learning free?

Yes, Arxiv Skill Learning is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Arxiv Skill Learning support?

Arxiv Skill Learning is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Arxiv Skill Learning?

It is built and maintained by WANGJUNJIE (@wanng-ide); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments