arxiv_deep_reader
PassAudited by ClawScan on May 1, 2026.
Overview
This skill is coherent for reading public arXiv papers with a configured LLM API, with normal setup, credential, and prompt-injection considerations.
Before installing, confirm the LLM endpoint is one you trust, use a limited API key if possible, install dependencies in an isolated virtual environment, and verify generated paper notes against the original arXiv paper.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your LLM API key will be used to send the selected paper content to the configured OpenAI-compatible provider.
The skill uses the configured LLM provider endpoint and API key to run the reading agents.
ChatOpenAI(
base_url=config.LLM_BASE_URL,
api_key=config.LLM_API_KEY,Use a provider and API key you trust, preferably with limited billing/quota, and verify LLM_BASE_URL before running.
A malicious or unusual paper could include text that tries to steer the model's notes or appendix decision, though there is no evidenced tool use or data mutation path.
The body of the fetched paper is inserted directly into the LLM prompt as reading material.
现在请阅读论文的主体部分(方法、实验、分析等),补充详细分析。
...
---
{main_body}Treat generated notes as model output from untrusted paper text; verify important conclusions against the original paper.
Future dependency versions could change behavior or introduce vulnerabilities even though package installation is expected for this Python skill.
The dependency list uses version ranges and one unpinned package, so installs may resolve to newer package versions.
langchain>=1.2.9 langchain-openai>=1.1.7 requests>=2.31.0 python-dotenv>=1.0.0 arxiv>=2.1.0 arxiv-to-prompt
Install in a virtual environment and consider pinning or reviewing dependency versions before use.