Skillv1.1.0

ClawScan security

Ai Paper Survey · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 27, 2026, 11:07 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's requirements and instructions are internally consistent with its stated purpose (surveying papers), but it relies on external services and another installed skill—verify those integrations and local files before use.
Guidance: This skill appears to do what it says: search for, screen, read, and summarize recent AI papers. Before installing or running it, check the following: 1) Confirm your platform provides and secures the alphaXiv MCP integration (authentication/credentials) since the skill assumes that connection but doesn't declare credentials. 2) Ensure the paper-impact-analyzer skill or the referenced python script is installed from a trusted source—the skill will invoke that script locally. 3) Review any local 'research-keywords*.md' or similarly named files you keep in the working directory; the skill will read them and may use their contents to search and filter papers. 4) Be comfortable with the skill retrieving full paper texts via the external MCP service (this may transmit queries/IDs to that service). If any of these prerequisites are missing or untrusted, either provide vetted integrations or avoid running the skill until you can verify them.

Review Dimensions

Purpose & Capability: okThe name/description match the runtime instructions: the skill searches papers (via alphaXiv MCP tools), screens and reads full text for top candidates, runs an impact analyzer, and writes a Markdown report. Requiring the python binary and a paper-impact-analyzer dependency is proportional to this workflow.
Instruction Scope: noteThe SKILL.md explicitly instructs the agent to read a research keywords file from the current working directory (files matching specific patterns) and to call alphaXiv MCP APIs (embedding_similarity_search, full_text_papers_search, get_paper_content). It also runs a local python script from the paper-impact-analyzer. These actions are appropriate for the task but you should be aware the skill will read files in your working directory and fetch full paper text via the external alphaXiv service.
Install Mechanism: okThis is instruction-only with no install spec or code to write to disk. That is low risk — nothing is downloaded or installed by the skill itself.
Credentials: noteThe skill does not request environment variables or credentials in the metadata, but it requires an alphaXiv MCP server connection and a separate paper-impact-analyzer skill to be present. The SKILL.md assumes those integrations exist; ensure authentication for alphaXiv (if required) is provided by the platform and not implicitly expected from the user environment.
Persistence & Privilege: okalways is false and the skill does not ask to modify other skills or system-wide agent settings. It writes a report to the working directory, which is expected behavior.