← 返回 Skills 市场

paper-lark-report

Name: paper-lark-report
Author: leogoat2004

作者 LeoGoat2004 · GitHub ↗ · v1.1.1 · MIT-0

cross-platform ⚠ suspicious

136

总下载

当前安装

版本数

在 OpenClaw 中安装

/install paper-lark-report

功能描述

全自动科研论文日报/周报生成。通过 arXiv RSS 抓取最新论文，arXiv API 获取完整摘要，LLM 语义评分筛选，生成基于原文的学术报告，推送飞书 Wiki。

安全使用建议

Before installing or running this skill: (1) Understand that it will read ~/.openclaw/openclaw.json to obtain Feishu appId/appSecret — inspect that file for other secrets and consider creating a dedicated Feishu app with minimal permissions. (2) The skill does not itself perform LLM scoring: it writes data/daily_papers.json and expects an LLM step to produce data/selected_papers.json (you or another skill must perform scoring). (3) Check config.yaml and set feishu_space_id, feishu_parent_node/feishu_root and research_direction appropriately. (4) Be aware the script prints a tenant token prefix to stdout (logged output) — avoid running where logs are publicly accessible. (5) If you prefer clearer boundaries, modify create_feishu_doc.load_token to read credentials from a dedicated skill config or environment variables and avoid loading the entire openclaw.json. If you want me to, I can suggest a small patch to require explicit env vars (FEISHU_APP_ID/FEISHU_APP_SECRET) and stop reading ~/.openclaw/openclaw.json.

功能分析

Type: OpenClaw Skill Name: paper-lark-report Version: 1.1.1 The skill automates arXiv paper retrieval and generates Feishu (Lark) Wiki reports. It is classified as suspicious because 'scripts/create_feishu_doc.py' directly accesses the user's home directory to read sensitive credentials (appId and appSecret) from '~/.openclaw/openclaw.json'. While this capability is plausibly needed to authenticate with the Feishu API (open.feishu.cn) for the stated purpose, direct file-based credential harvesting is a high-risk behavior. The skill also instructs the AI agent via 'templates/daily_report.md' to execute shell commands, which is standard for OpenClaw but increases the attack surface. No evidence of intentional data exfiltration or malicious redirection was found.

能力评估

ℹ Purpose & Capability

The code and SKILL.md match the stated purpose: querying arXiv, preparing JSON for an LLM step, and creating Feishu Wiki docs. However, the skill metadata claims no required credentials or env vars while the Feishu integration relies on appId/appSecret stored in ~/.openclaw/openclaw.json. That mismatch between declared requirements and actual credential access is noteworthy.

ℹ Instruction Scope

SKILL.md documents the overall flow and mentions using openclaw.json to get Feishu tokens. The runtime scripts only perform network calls to arXiv and Feishu and local file reads/writes in the skill directory, plus one read of the user's home openclaw.json. The code does not perform broad file system enumeration, does not exfiltrate data to unexpected endpoints, and does not call external installers. It does, however, print part of the tenant token to stdout (token prefix), which could leak sensitive info to logs.

✓ Install Mechanism

No install spec / remote downloads are used (instruction-only plus included scripts). No archives or third-party package installs are pulled in by the skill itself, so there is no high-risk install URL or extraction step.

⚠ Credentials

The skill declares no required env vars or primary credential, yet create_feishu_doc.py reads ~/.openclaw/openclaw.json to fetch channels.feishu.appId and appSecret and exchanges them for a tenant_access_token. Accessing a home-config JSON with potentially multiple credentials is not declared and increases exposure. The Feishu credentials themselves are proportionate to the stated Feishu publishing capability, but the skill should have declared this requirement and instructed where/how users must provide credentials (or use env vars).

✓ Persistence & Privilege

always:false and no attempt to modify other skills or global agent settings. The skill writes only to its SKILL_DIR/data and processed_log, and registers created docs in a local doc_registry.json. The only cross-directory read is the user's ~/.openclaw/openclaw.json to obtain Feishu credentials.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install paper-lark-report
安装完成后，直接呼叫该 Skill 的名称或使用 /paper-lark-report 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.1.1

- Added installation instructions for ClawHub and OpenClaw CLI to the documentation. - Removed the introductory file paper_lark_report_intro.md. - No changes to core workflow or functionality.

v1.1.0

Version 1.1.0 - Major refactor: transitioned from RSS-based paper retrieval to direct arXiv API query and filtering. - New scripts added: `arxiv_search.py` for advanced paper search, and `create_feishu_doc.py` for direct Feishu Wiki integration. - Removed prompt templates in favor of fully embedded workflow and templates. - Introduced semantic arXiv query building and improved paper deduplication. - Updated configuration fields and directory structure for clearer data and workflow separation. - Enhanced documentation with detailed workflow, API usage, and config table.

v1.0.0

paper-lark-report v1.0.0 - 全自动生成科研论文日报和周报，支持指定研究方向 - 抓取 arXiv RSS、调用 arXiv API 获取摘要，利用大模型进行语义评分筛选 - 生成结构化学术报告并自动推送至飞书 Wiki - 支持日报、周报自动归档和去重，含样例配置与定时任务说明 - 明确配置项和评分机制，最大化相关性与可追溯性

元数据

Slug paper-lark-report

版本 1.1.1

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 3

常见问题

paper-lark-report 是什么？

全自动科研论文日报/周报生成。通过 arXiv RSS 抓取最新论文，arXiv API 获取完整摘要，LLM 语义评分筛选，生成基于原文的学术报告，推送飞书 Wiki。它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 136 次。

如何安装 paper-lark-report？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install paper-lark-report」即可一键安装，无需额外配置。

paper-lark-report 是免费的吗？

是的，paper-lark-report 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

paper-lark-report 支持哪些平台？

paper-lark-report 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 paper-lark-report？

由 LeoGoat2004（@leogoat2004）开发并维护，当前版本 v1.1.1。