arxivkb
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing may change the user's Python environment and depends on external package/model registries.
The installer downloads or upgrades third-party Python packages and pulls an Ollama model. This is purpose-aligned, but the dependencies are unpinned external supply-chain inputs.
pip_install(["faiss-cpu", "pdfplumber", "arxiv", "numpy", "requests", "tiktoken"]) ... run(["ollama", "pull", "nomic-embed-text"], check=False)
Install in a virtual environment where possible, review the packages, and consider pinning versions if reproducibility matters.
The skill may continue making arXiv requests, using Ollama, and writing local index data on a schedule until the timer is disabled.
The Linux installer enables a user-level scheduled timer that runs the ingest workflow daily after installation.
run(["systemctl", "--user", "enable", "akb-crawler.timer"], check=False) ... OnCalendar=*-*-* 03:00:00
After installation, check the `akb-crawler.timer` systemd user timer or macOS launchd plist and disable it if you prefer manual-only ingestion.
A user or agent invoking expiry with the no-confirm flag can remove locally indexed arXiv content.
The documented expiry command can delete older stored papers, PDFs, and chunks, including with confirmation skipped. This is scoped cleanup for the skill's own data.
akb expire --days 30 -y # Skip confirmation
Use expiry commands deliberately, avoid `-y` unless you are sure, and back up the data directory if the local index matters.