Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Arxiv Research Secure
v1.0.0
Secure ArXiv paper search and download tool with local caching, AI summarization, research logging, and no shell command execution.
by houssam-eddine @houssameddinemaatallah
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
SKILL.md advertises a full CLI (arxiv-secure), LLM-based summarization, and multiple helper modules (paper_summarizer.py, research_logger.py, pdf_downloader.py, references/, assets/) but the package only contains SKILL.md and a single scripts/arxiv_client.py. There is no install or CLI entrypoint, and no declared environment variables or credentials for any LLM provider despite claiming 'AI summarization'. These mismatches mean required capabilities are not provided or not justified by requested configuration.
Instruction Scope
The instructions focus on search, download, summarization and local logging (consistent with purpose), but the implementation has gaps: fetch_paper_pdf writes files using an unsanitized paper_id (cleaning only removes the 'arXiv:' prefix), which can lead to path-traversal-style writes (e.g., '../../escape.pdf'). The validate_query sanitization applies only to search queries, not to paper IDs or other user-supplied identifiers. SKILL.md also instructs CLI usage with shell redirection (e.g., '> weekly_report.md'), but there's no provided CLI binary or install steps.
Install Mechanism
No install spec is provided (instruction-only), which minimizes installer risk. However, the skill claims a CLI and additional modules that are not present; that absence is an integrity/usability concern rather than an install risk.
Credentials
The skill advertises LLM-based summarization yet declares no required environment variables or primary credential (no OPENAI_/OTHER_API_KEY). That is inconsistent: summarization normally requires an external LLM API key or a bundled model. It also reads OPENCLAW_WORKSPACE if set (not declared) and writes into the workspace. Network access is limited to arxiv hosts in code, which is proportionate, but the missing LLM credential declaration is suspicious.
Persistence & Privilege
always:false and default autonomy settings are normal. The skill writes only to a workspace-local cache and research log (no evidence it alters other skills or system-wide agent config). The persistence level is appropriate for a local caching tool.
What to consider before installing
This skill is inconsistent: it claims a CLI and LLM summarization but only ships one Python file and no declared API keys or install steps. Before installing or running it, ask the author for: (1) the missing modules and a real CLI entrypoint or an installation method; (2) which LLM provider is used and which environment variables are required (and why none are declared); (3) a fix for file-write sanitization (ensure paper IDs cannot cause path traversal and that saved files stay inside the cache dir). If you must evaluate code locally, run it in a sandboxed environment with limited filesystem permissions and no sensitive credentials, and review any additional files the author provides.
Like a lobster shell, security has layers — review code before you run it.
