arxivkb
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: arxivkb Version: 1.0.1 The skill is classified as suspicious due to its use of high-risk capabilities, specifically the installation of a persistence mechanism (systemd timer on Linux, launchd plist on macOS) and the execution of external commands via `subprocess.run` in `scripts/install.py`. While these actions are declared and appear to serve the skill's stated purpose (daily paper ingestion and dependency installation), they represent a significant attack surface. There is no clear evidence of intentional malicious behavior such as data exfiltration to unauthorized endpoints or malicious prompt injection attempts against the agent in SKILL.md. However, the ability to install system-level services and execute arbitrary commands (even if currently benign) warrants a 'suspicious' classification as per the critical distinction between vulnerability and malice.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing may change the user's Python environment and depends on external package/model registries.
The installer downloads or upgrades third-party Python packages and pulls an Ollama model. This is purpose-aligned, but the dependencies are unpinned external supply-chain inputs.
pip_install(["faiss-cpu", "pdfplumber", "arxiv", "numpy", "requests", "tiktoken"]) ... run(["ollama", "pull", "nomic-embed-text"], check=False)
Install in a virtual environment where possible, review the packages, and consider pinning versions if reproducibility matters.
The skill may continue making arXiv requests, using Ollama, and writing local index data on a schedule until the timer is disabled.
The Linux installer enables a user-level scheduled timer that runs the ingest workflow daily after installation.
run(["systemctl", "--user", "enable", "akb-crawler.timer"], check=False) ... OnCalendar=*-*-* 03:00:00
After installation, check the `akb-crawler.timer` systemd user timer or macOS launchd plist and disable it if you prefer manual-only ingestion.
A user or agent invoking expiry with the no-confirm flag can remove locally indexed arXiv content.
The documented expiry command can delete older stored papers, PDFs, and chunks, including with confirmation skipped. This is scoped cleanup for the skill's own data.
akb expire --days 30 -y # Skip confirmation
Use expiry commands deliberately, avoid `-y` unless you are sure, and back up the data directory if the local index matters.