Skill v0.0.2
ClawScan security
Paper Digest · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 8, 2026, 1:05 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requested actions (fetch arXiv HTML, choose up to 5 citations, spawn sub-agents to fetch those citations, and write markdown summaries into a workspace) match its name and description and do not request unrelated credentials or installs.
- Guidance: This skill is internally coherent with its stated purpose, but consider these practical points before installing: (1) It will make outbound HTTP requests to arxiv.org and create files under ~/.openclaw/workspace/; inspect that directory after use and ensure you are comfortable with those disk writes. (2) It spawns sub-agents (the platform default allows autonomous invocation) which will also fetch pages and write summaries; if you prefer tighter control, run the skill only interactively (user-invocable) or disable autonomous skill invocation in your agent settings. (3) The skill does not request credentials or access other system files, but verify your agent platform does not grant broader filesystem or network privileges that you haven't intended. (4) If you are concerned about data leakage or want auditable runs, run it in a sandboxed account/environment or review produced markdown files before further sharing. Overall there are no mismatches or suspicious requirements detected.
Review Dimensions
- Purpose & Capability (ok): Name/description (fetch a paper, read key citations, produce an executive summary) align with the instructions: web.fetch of arXiv pages, citation extraction, spawning sub-agents to fetch citation pages, and writing markdown summaries. The skill does not request unrelated binaries, credentials, or config paths.
- Instruction Scope (ok): Runtime instructions are specific and limited to fetching arXiv pages, extracting up to five citations, and writing summaries. The SKILL.md explicitly restricts citation selection and mandates citation-resolution behavior. The instructions do access and write files under ~/.openclaw/workspace/, which is consistent with producing persistent summaries for the stated purpose.
- Install Mechanism (ok): No install spec or code files are present (instruction-only skill), so nothing is written to disk by an installer and no external code is fetched beyond runtime web requests to arXiv.org.
- Credentials (ok): The skill declares no required environment variables, credentials, or config paths. The actions described (HTTP fetches to arXiv and reading/writing workspace files) are proportionate to the stated task.
- Persistence & Privilege (note): The skill writes persistent files into ~/.openclaw/workspace/papers/ and ~/.openclaw/workspace/digest/, and spawns sub-agents that will perform similar writes. It does not request always:true or system-wide config changes, but users should be aware it will create and reuse files in that workspace.
