wanng-ide

Arxiv Skill Learning

Author: WANGJUNJIE · GitHub · v1.0.0
cross-platform ⚠ suspicious
Total downloads: 1348
Favorites: 2
Current installs: 11
Versions: 1
Install in OpenClaw
/install arxiv-skill-learning
Description
Orchestrates the continuous learning of new skills from arXiv papers. Use this to trigger a learning cycle, which fetches papers, extracts code/skills, and s...
Usage instructions (SKILL.md)

ArXiv Skill Learning

Usage

const learner = require('./index');
(async () => {
  const result = await learner.main(); // CommonJS has no top-level await
})();

Workflow

  1. Patrol: Checks arXiv for relevant new papers (Agent, LLM, Tool Use).
  2. Extract: Uses arxiv-skill-extractor to generate skill code.
  3. Test: Runs generated tests.
  4. Solidify: Commits the new skill to the workspace.

Configuration

  • Target Categories: cs.AI, cs.CL, cs.LG, cs.SE
  • Schedule: Hourly
Security usage recommendations
This skill's stated purpose matches what the code mostly does, but there are two issues to consider before installing:
  1. SKILL.md promises a 'commit'/'solidify' step and scheduled runs that the code does not implement — expect the skill to only extract, smoke-test, and record metadata unless additional code exists elsewhere.
  2. The extractor supplies a smokeTestCommand which this skill executes via child_process.exec in the workspace root. If the extractor or paper_client modules (required from relative paths) are untrusted or can be influenced by external inputs, that command execution could run arbitrary shell commands with the agent's workspace permissions.
Recommendations:
  • Only install if you audit or control the local modules ../arxiv-paper-reviews/paper_client and ../arxiv-skill-extractor.
  • Run the skill in an isolated sandbox or CI runner with limited filesystem/network permissions.
  • Add validation/whitelisting of smokeTestCommand (or run tests in a container).
  • Reconcile the SKILL.md vs actual behavior (committing and scheduling) so you understand what will happen.
If you cannot verify the extractor and paper_client code, treat this skill as risky and avoid granting it access to sensitive workspaces.
Functional analysis
Type: OpenClaw Skill
Name: arxiv-skill-learning
Version: 1.0.0
The `arxiv-skill-learning` skill is classified as suspicious due to a critical shell injection vulnerability in `index.js`. The skill executes a `smokeTestCommand` generated by the `arxiv-skill-extractor` skill using `child_process.exec` without apparent input sanitization. This allows for arbitrary command execution on the host system if the `arxiv-skill-extractor` skill is compromised or intentionally malicious, as the command is run from the `WORKSPACE_ROOT` with broad access, enabling potential RCE.
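The smokeTestCommand validation recommended in the security advice, and the `child_process.exec` issue described in this analysis, as an added example (not code from the skill or from OpenClaw). The policy (only `node <script inside the workspace>`), the function names `parseSmokeTestCommand` and `runSmokeTest`, and the 30-second timeout are assumptions.

```javascript
// Added example: allowlist an extractor-supplied smokeTestCommand, then run it
// with execFile (argv array, no shell) instead of child_process.exec.
const { execFile } = require('child_process');
const path = require('path');

// Assumed policy: a smoke test may only be `node <one script inside the workspace>`.
const ALLOWED_BINARIES = new Set(['node']);
const SHELL_META = /[;&|`$<>(){}\\\n\r"'*?!~#]/;

function parseSmokeTestCommand(command, workspaceRoot) {
  if (typeof command !== 'string' || command.length > 512) {
    throw new Error('smokeTestCommand must be a short string');
  }
  if (SHELL_META.test(command)) {
    throw new Error('shell metacharacters are not allowed');
  }
  const [bin, ...args] = command.trim().split(/\s+/);
  if (!ALLOWED_BINARIES.has(bin)) throw new Error(`binary not allowed: ${bin}`);
  if (args.length !== 1) throw new Error('expected exactly one script path');
  if (args[0].startsWith('-')) throw new Error('options such as -e are not allowed');
  // Resolve against the workspace and refuse anything that escapes it.
  const root = path.resolve(workspaceRoot);
  const script = path.resolve(root, args[0]);
  if (!script.startsWith(root + path.sep)) {
    throw new Error('script is outside the workspace');
  }
  return { bin, args: [script] };
}

function runSmokeTest(command, workspaceRoot) {
  const { bin, args } = parseSmokeTestCommand(command, workspaceRoot);
  return new Promise((resolve, reject) => {
    // execFile hands argv straight to the binary; the string is never shell-parsed.
    // A minimal env keeps the agent's other environment variables out of the child.
    const opts = { cwd: workspaceRoot, timeout: 30000, env: { PATH: process.env.PATH } };
    execFile(bin, args, opts, (err, stdout) => (err ? reject(err) : resolve(stdout)));
  });
}
```

This closes only the shell-injection path: the generated test script is still untrusted code running with the workspace's permissions, so the sandbox or container recommendation still applies.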
Capability assessment
Purpose & Capability
The name/description align with the code: it finds papers, calls a paper_client and an extractor, runs a smoke test, and records learned papers. However, SKILL.md claims a 'Solidify: Commits the new skill to the workspace' step and an hourly schedule; the index.js implementation does not perform any commit, publishing, or scheduling. That is a clear mismatch between documentation and implementation.
Instruction Scope
index.js requires local modules (paper_client and arxiv-skill-extractor) and will execute a smokeTestCommand returned by the extractor using child_process.exec with cwd set to the workspace root. Running extractor-provided shell commands in the agent's workspace is high-risk if extractor or its outputs are untrusted. The code also writes a learned_papers.json into the workspace memory path — reading/writing workspace state is expected for an orchestrator but combined with arbitrary command execution increases blast radius.
Install Mechanism
There is no install spec (instruction-only plus a local index.js). Nothing is downloaded from the network by the skill itself. That lowers supply-chain risk, but the code does spawn shell commands, which is an execution-time risk rather than an install-time risk.
Credentials
The skill requests no environment variables or external credentials — that is proportional and good. However, it executes commands inside WORKSPACE_ROOT and reads/writes memory/evolution/learned_papers.json. Because smokeTestCommand originates from the extractor, lack of credential demands doesn't eliminate the potential for the extractor to run arbitrary actions with the agent's filesystem privileges.
Persistence & Privilege
always:false (no forced always-on). The skill persists learned paper metadata to the workspace (memory/evolution/learned_papers.json) which is within expected scope. Autonomous invocation is allowed (platform default); combined with the ability to run extractor-supplied commands this raises the importance of trusting the extractor and paper_client modules.
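How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the dialog: /install arxiv-skill-learning
  3. Once installed, call the Skill by name or use /arxiv-skill-learning to trigger it
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history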
v1.0.0
Initial release of arxiv-skill-learning:
  • Automates continuous learning of new skills from arXiv papers.
  • Fetches new papers in categories cs.AI, cs.CL, cs.LG, cs.SE.
  • Extracts implementable code/skills using arxiv-skill-extractor.
  • Runs tests and commits validated skills automatically.
  • Designed for hourly operation.
Metadata
Slug arxiv-skill-learning
Version 1.0.0
License
Total installs 11
Current installs 11
Number of versions 1
FAQ

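What is Arxiv Skill Learning?

Orchestrates the continuous learning of new skills from arXiv papers. Use this to trigger a learning cycle, which fetches papers, extracts code/skills, and s... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1348 total downloads to date.

How do I install Arxiv Skill Learning?

Run the command "/install arxiv-skill-learning" in the OpenClaw or Claude Code dialog to install it in one step; no additional configuration is required.

Is Arxiv Skill Learning free?

Yes, Arxiv Skill Learning is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does Arxiv Skill Learning support?

Arxiv Skill Learning runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Arxiv Skill Learning?

Developed and maintained by WANGJUNJIE (@wanng-ide); the current version is v1.0.0.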
