← Back to Skills Marketplace
newpaper
by
caoxinran102-sys
· GitHub ↗
· v1.0.0
· MIT-0
65
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install newpaper-skill
Description
将学术论文 PDF 自动转换为 PowerPoint 海报(PPTX)和 HTML 文件。支持 UniAPI、MiniMax 等 OpenAI 兼容 API。
Usage Guidance
Before running this skill, review and reduce risk: 1) Inspect the GitHub repository (https://github.com/caoxinran102-sys/Paper2Poster) manually — do not blindly run the clone+install steps. 2) Do NOT clone into your current working directory with '.', instead clone into a dedicated empty folder so existing files cannot be overwritten. 3) Run the code in an isolated environment (container/VM) or at minimum a dedicated conda environment to contain side effects. 4) Review requirements.txt and repository code for any network/exfiltration behavior before pip installing; prefer pinned, audited dependencies. 5) Use least-privilege API keys (create a dedicated key with limited scope/quotas) and avoid storing long-lived secrets in plaintext; consider using ephemeral or restricted keys and remove .env after use. 6) If you are unsure about the repo's trustworthiness, run the pipeline on a local, offline model or skip running remote code entirely. These steps will materially lower the risk of accidental data exposure or system modification.
Capability Analysis
Type: OpenClaw Skill
Name: newpaper-skill
Version: 1.0.0
The skill bundle instructs the agent to clone a repository from a personal GitHub account (caoxinran102-sys/Paper2Poster) rather than the official organization repository (Paper2Poster/Paper2Poster) mentioned in the README. It explicitly directs the agent to solicit sensitive credentials (OPENAI_API_KEY) from the user and store them in a .env file before executing arbitrary Python code from the cloned repository. This pattern of using a non-official fork to handle user secrets and execute code is a high-risk indicator of a potential supply chain attack, although no explicit exfiltration logic is present in the provided files.
Capability Tags
Capability Assessment
Purpose & Capability
The skill claims to convert PDFs to posters and the SKILL.md drives a known Paper2Poster GitHub repository which plausibly implements that functionality. However, the skill metadata declares no required environment variables or credentials while the instructions explicitly ask the user to provide OPENAI_API_KEY and OPENAI_BASE_URL — an inconsistency between declared requirements and runtime behavior.
Instruction Scope
The runtime instructions tell the agent to: git clone https://github.com/caoxinran102-sys/Paper2Poster.git into the current directory (using '.'), create/activate a conda env, pip install -r requirements.txt, create a .env with the user's API key/base URL, and run a pipeline that will process the user-provided PDF. Cloning into '.' can overwrite files in the current working directory; pip installing repository dependencies executes arbitrary third‑party code. The instructions also place sensitive secrets (.env) into the project folder. There is no step to inspect the cloned code before execution.
Install Mechanism
Although the skill bundle itself is instruction-only (no install spec), the instructions perform an explicit remote fetch (git clone from a GitHub repo) and then run pip install. Downloading and executing code from a third‑party GitHub repo and installing its dependencies is a higher-risk install pattern. The GitHub host is a known service (better than a random IP), but cloning directly into the current directory and auto-installing dependencies without review increases risk.
Credentials
The only runtime secrets requested are OPENAI_API_KEY and OPENAI_BASE_URL, which are reasonable for interacting with OpenAI-compatible APIs. However, the registry metadata declared no required env vars or primary credential, creating a mismatch. The instructions also instruct writing these credentials into a .env file in the project folder—this is normal for API usage but has privacy/secret-storage implications and should be handled carefully.
Persistence & Privilege
The skill is not marked always:true and does not request elevated platform privileges. It does, however, write files to disk (clone repo, create .env) and create a conda environment. Those are expected for this functionality but mean the skill will alter your filesystem and environment; the instructions do not request permanent platform-level changes beyond those local modifications.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install newpaper-skill - After installation, invoke the skill by name or use
/newpaper-skill - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
paper2poster v1.0.0 – Initial release
- Converts academic paper PDFs into PowerPoint posters (PPTX) and HTML files using OpenAI-compatible APIs (e.g., UniAPI, MiniMax).
- Guides users through environment checks, dependency installation, and key configuration.
- Supports error handling and automatic retries for common API and pipeline failures.
- Simple usage: provide a paper PDF (and optional logo); receive poster files as output.
Metadata
Frequently Asked Questions
What is newpaper?
将学术论文 PDF 自动转换为 PowerPoint 海报(PPTX)和 HTML 文件。支持 UniAPI、MiniMax 等 OpenAI 兼容 API。 It is an AI Agent Skill for Claude Code / OpenClaw, with 65 downloads so far.
How do I install newpaper?
Run "/install newpaper-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is newpaper free?
Yes, newpaper is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does newpaper support?
newpaper is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created newpaper?
It is built and maintained by caoxinran102-sys (@caoxinran102-sys); the current version is v1.0.0.
More Skills