← 返回 Skills 市场

Arxiv Research Secure

Name: Arxiv Research Secure
Author: houssameddinemaatallah

作者 houssam-eddine · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install arxiv-research-secure

功能描述

Secure ArXiv paper search and download tool with local caching, AI summarization, research logging, and no shell command execution.

使用说明 (SKILL.md)

ArXiv Research Assistant Secure

name: arxiv-research-secure
description: Advanced ArXiv paper search with local caching, smart summarization, and research tracking. Secure alternative with no shell execution.

ArXiv Research Assistant Secure

Overview

Advanced research tool for ArXiv papers:

Smart search — Multi-keyword, author, category filtering
Local caching — Avoid repeated API calls, offline reading
AI summarization — Automatic abstract extraction with LLM
Research tracking — Log papers to structured markdown
PDF download — Local storage with metadata
Zero shell — Pure Python, no curl/wget/exec

Security Model

Network Isolation

# Only HTTPS to export.arxiv.org
ALLOWED_HOSTS = ["export.arxiv.org", "arxiv.org"]
TIMEOUT_SECONDS = 30
MAX_RETRIES = 3

Input Validation

def validate_query(query: str) -> str:
    # Block injection attempts
    FORBIDDEN = [";", "|", "&", "$", "`", "\"", "'", "\x3C", ">", "..", "//"]
    for char in FORBIDDEN:
        if char in query:
            raise ValueError(f"Invalid character in query: {char}")
    return query[:200]  # Max 200 chars

Local Storage Only

CACHE_DIR = WORKSPACE / ".arxiv_cache"
PAPERS_DIR = CACHE_DIR / "papers"
METADATA_DIR = CACHE_DIR / "metadata"

# No external network after download
# All operations on local files

Capabilities

1. Search Papers

arxiv-secure search "transformer energy consumption" --max=10 --sort=relevance
arxiv-secure search "author:LeCun" --category=cs.LG
arxiv-secure search "LLM reasoning" --date-from=2024-01-01

2. Download & Cache

arxiv-secure fetch 2501.12345           # Download by ID
arxiv-secure fetch --search="query" --auto-download  # Download all results

3. Smart Summary

arxiv-secure summarize 2501.12345       # AI summary of paper
arxiv-secure summarize --file=paper.pdf # Summarize local PDF

4. Research Log

arxiv-secure log 2501.12345             # Add to research log
arxiv-secure log --search="query" --auto-log
arxiv-secure list-log                   # Show research history
arxiv-secure export-log --format=md     # Export for reports

5. Manage Cache

arxiv-secure cache-list                 # List cached papers
arxiv-secure cache-clear --older-than=30d
arxiv-secure cache-stats                # Disk usage

6. Batch Operations

arxiv-secure batch --search="volatility modeling" --max=20 --download --summarize --log

Workflow Examples

Daily Research Digest

# Morning: Check new papers on your topics
arxiv-secure search "quantitative finance volatility" --date-from=yesterday --max=5 --summarize

# Log interesting ones
arxiv-secure log 2501.12345
arxiv-secure log 2501.12346

# Export weekly report
arxiv-secure export-log --format=md --since=last-week > weekly_report.md

Deep Research Session

# Search broadly
arxiv-secure search "transformer energy efficiency" --max=50

# Download all
arxiv-secure batch --search="transformer energy efficiency" --max=20 --download

# Summarize batch
arxiv-secure batch --ids=2501.12345,2501.12346,2501.12347 --summarize

# Log to research tracker
arxiv-secure batch --ids=2501.12345,2501.12346 --log

Output Formats

Console Table

ID          Title                          Authors        Date     Category
2501.12345  Energy-Efficient LLMs          Smith et al.   2025-01  cs.LG
2501.12346  Transformer Optimization         Chen et al.    2025-01  cs.CL

Markdown Log

## [2025-01-15] Research: Energy-Efficient LLMs
- **Paper**: Energy-Efficient Transformers for Edge Devices
- **Authors**: Smith, J., Chen, L., Kumar, R.
- **arXiv**: 2501.12345
- **Category**: cs.LG (Computation and Language)
- **Summary**: Proposes a novel pruning technique...
- **Relevance**: High - directly applicable to RTE volatility prediction models
- **Downloaded**: ✅ paper_2501.12345.pdf

JSON Export

{
  "query": "transformer energy",
  "date": "2025-01-15",
  "papers": [
    {"id": "2501.12345", "title": "...", "summary": "...", "relevance": 0.85}
  ]
}

Resources

scripts/

arxiv_client.py — Secure API client with caching
paper_summarizer.py — LLM-based summarization
research_logger.py — Structured logging to markdown
pdf_downloader.py — Safe PDF download and storage

references/

arxiv_api_reference.md — API documentation
research_templates.md — Log templates and formats

assets/

paper_template.md — Default paper log template

安全使用建议

This skill is inconsistent: it claims a CLI and LLM summarization but only ships one Python file and no declared API keys or install steps. Before installing or running it, ask the author for: (1) the missing modules and a real CLI entrypoint or an installation method; (2) which LLM provider is used and which environment variables are required (and why none are declared); (3) a fix for file-write sanitization (ensure paper IDs cannot cause path traversal and that saved files stay inside the cache dir). If you must evaluate code locally, run it in a sandboxed environment with limited filesystem permissions and no sensitive credentials, and review any additional files the author provides.

功能分析

Type: OpenClaw Skill Name: arxiv-research-secure Version: 1.0.0 The skill is a well-implemented ArXiv research tool that adheres to its stated security model. It uses a strict allowlist for network requests (export.arxiv.org and arxiv.org), implements input validation to prevent injection, and avoids shell execution by using Python's standard library (urllib). No evidence of data exfiltration, persistence, or malicious intent was found in scripts/arxiv_client.py or the documentation.

能力评估

⚠ Purpose & Capability

SKILL.md advertises a full CLI (arxiv-secure), LLM-based summarization, and multiple helper modules (paper_summarizer.py, research_logger.py, pdf_downloader.py, references/, assets/) but the package only contains SKILL.md and a single scripts/arxiv_client.py. There is no install or CLI entrypoint, and no declared environment variables or credentials for any LLM provider despite claiming 'AI summarization'. These mismatches mean required capabilities are not provided or not justified by requested configuration.

⚠ Instruction Scope

The instructions focus on search, download, summarization and local logging (consistent with purpose), but the implementation has gaps: fetch_paper_pdf writes files using an unsanitized paper_id (cleaning only removes the 'arXiv:' prefix), which can lead to path-traversal-style writes (e.g., '../../escape.pdf'). The validate_query sanitization applies only to search queries, not to paper IDs or other user-supplied identifiers. SKILL.md also instructs CLI usage with shell redirection (e.g., '> weekly_report.md'), but there's no provided CLI binary or install steps.

ℹ Install Mechanism

No install spec is provided (instruction-only), which minimizes installer risk. However, the skill claims a CLI and additional modules that are not present; that absence is an integrity/usability concern rather than an install risk.

⚠ Credentials

The skill advertises LLM-based summarization yet declares no required environment variables or primary credential (no OPENAI_/OTHER_API_KEY). That is inconsistent: summarization normally requires an external LLM API key or a bundled model. It also reads OPENCLAW_WORKSPACE if set (not declared) and writes into the workspace. Network access is limited to arxiv hosts in code, which is proportionate, but the missing LLM credential declaration is suspicious.

✓ Persistence & Privilege

always:false and default autonomy settings are normal. The skill writes only to a workspace-local cache and research log (no evidence it alters other skills or system-wide agent config). The persistence level is appropriate for a local caching tool.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install arxiv-research-secure
安装完成后，直接呼叫该 Skill 的名称或使用 /arxiv-research-secure 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

- Initial release of ArXiv Research Assistant Secure. - Offers advanced ArXiv paper search with multi-keyword, author, and category filtering. - Local caching supports offline access and reduced API calls. - Integrates AI-based summarization of papers and abstracts. - Research tracking features log papers to structured markdown with export options. - Includes secure PDF download and local storage; no shell commands or exec used. - Network access is restricted strictly to ArXiv with input validation for added security.

元数据

Slug arxiv-research-secure

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题