Skillv1.1.0

ClawScan security

arXiv 论文推荐器 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 15, 2026, 3:17 PM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's code and instructions are coherent with its stated purpose: it searches arXiv, finds GitHub links, verifies repositories, analyses abstracts, and writes recommendation reports and a local history; it does network I/O and writes files under the user's home but requests no credentials or unusual privileges.
Guidance: This skill appears coherent and implements what it claims: it queries arXiv and arxiv.org pages, calls the public GitHub repo API (unauthenticated), analyzes abstracts, and writes recommendations and a small history to ~/papers. Things to consider before installing: 1) it will perform outbound HTTP(S) requests to export.arxiv.org, arxiv.org, and api.github.com — ensure your environment/network policy allows that; 2) it writes files to your home directory (~/papers); review or sandbox those writes if you have policy or privacy concerns; 3) GitHub API calls are unauthenticated and subject to rate limits — if you expect heavy use you may want to modify the code to use a token (this would require adding a credential); 4) if you want to audit behavior, inspect the three scripts (search.py, recommend.py, analyze.py) — they are short and readable; 5) the SKILL.md path suggestions assume the skill lives under ~/.openclaw/workspace/skills/, so confirm that path before running. Overall the skill is internally consistent, but follow standard caution: review included scripts and run in a controlled environment if you have strict security requirements.

Review Dimensions

Purpose & Capability: okName/description (arXiv paper recommender that verifies GitHub code and generates reports) matches the included scripts (search.py, recommend.py, analyze.py). The required operations (fetch arXiv, fetch arXiv pages, call GitHub repo API, analyze text, write Markdown reports) are all consistent with the stated functionality.
Instruction Scope: okSKILL.md instructs running the bundled recommend.py and reading reports. The runtime instructions and scripts only reference arXiv and GitHub endpoints and local files (~/papers/* and ~/.openclaw/.../scripts). The skill reads/writes its own history and report files (~/papers/history.json and ~/papers/recommendations/...), which is expected for a recommender and not outside the declared scope.
Install Mechanism: okNo install spec; code is included and run directly (instruction-only install). No downloads from external URLs or package installs are invoked by the skill itself, so there is no high-risk install mechanism in the bundle.
Credentials: okThe skill requires no environment variables or credentials. It uses public arXiv endpoints and unauthenticated GitHub API calls (api.github.com). No secrets are requested or accessed, so credential requests are proportionate to the described task.
Persistence & Privilege: noteThe skill persists state by creating and updating files under the user's home directory: ~/papers/history.json and Markdown reports under ~/papers/recommendations. always:false (normal). This is within reason for a recommender, but users should be aware of the local file writes and the path hardcoded in SKILL.md.