Arxiv Research Secure

Security checks across malware telemetry and agentic risk

Overview

This ArXiv helper is mostly purpose-aligned, but crafted paper IDs can write files outside the intended cache, so it needs review before installation.

Install only if you are comfortable with local ArXiv caching and persistent research logs. Until the paper-ID path handling is fixed, use only normal arXiv IDs and do not let untrusted text or automation supply fetch/log IDs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Tainted flow: 'pdf_path' from os.environ.get (line 260, credential/environment) → open (file write)

Severity: Medium
Category: Data Flow
Confidence: 89%
Content:
    # Save
    try:
        with open(pdf_path, 'wb') as f:
            f.write(data)
        return True, str(pdf_path)
    except Exception as e:
Finding: with open(pdf_path, 'wb') as f:
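The overview's concern (a crafted paper ID writing outside the cache) and the tainted-flow finding above both come down to how the PDF destination is derived before the flagged open(pdf_path, 'wb'). The block below is an added example, not the skill's own code, showing the weak pattern beside a hardened one: the ID is allow-listed against the arXiv identifier format, the destination is resolved, and the write is refused unless the resolved path is still inside the cache. The function names, the cache layout and the sample IDs are assumptions for illustration.

```python
"""Added example (not the skill's own code): confining cache writes by
validating the arXiv identifier and checking the resolved destination.

Assumptions (hypothetical, not taken from the page): the skill derives a
PDF path from a caller-supplied paper ID and a cache directory; the names
and cache layout below are invented for illustration.
"""
import os
import re
import tempfile
from pathlib import Path

# New-style IDs (YYMM.NNNNN, optional vN) and old-style archive/YYMMNNN IDs.
# Anything that does not match is rejected before a path is ever built.
_ARXIV_ID_RE = re.compile(
    r"^(?:\d{4}\.\d{4,5}|[a-z\-]+(?:\.[A-Z]{2})?/\d{7})(?:v\d+)?$"
)


def unsafe_pdf_path(cache_dir, paper_id):
    """The weak pattern: the ID is spliced straight into the path, so an ID
    such as '../../etc/cron.d/x' resolves to a location outside the cache."""
    return os.path.normpath(os.path.join(cache_dir, f"{paper_id}.pdf"))


def is_valid_arxiv_id(paper_id):
    """Allow-list check: only strings shaped like an arXiv identifier pass."""
    return bool(_ARXIV_ID_RE.match(paper_id))


def safe_pdf_path(cache_dir, paper_id):
    """Hardened version: validate the ID, resolve the destination, and confirm
    it is still under the cache root before it is opened for writing."""
    if not is_valid_arxiv_id(paper_id):
        raise ValueError(f"not an arXiv identifier: {paper_id!r}")
    root = Path(cache_dir).resolve()
    # Old-style IDs contain '/', which becomes a subdirectory under the cache.
    target = (root / f"{paper_id}.pdf").resolve()
    if root not in target.parents:
        raise ValueError(f"path escapes cache: {target}")
    return target


def save_pdf(cache_dir, paper_id, data):
    """Same shape as the flagged save step, but the path is confined first.
    Returns (True, path) on success or (False, reason) on refusal/error."""
    try:
        pdf_path = safe_pdf_path(cache_dir, paper_id)
        pdf_path.parent.mkdir(parents=True, exist_ok=True)
        with open(pdf_path, "wb") as f:
            f.write(data)
        return True, str(pdf_path)
    except (ValueError, OSError) as e:
        return False, str(e)


def demo():
    """Exercise both variants against constructed IDs in a throwaway cache."""
    with tempfile.TemporaryDirectory() as cache:
        ok, where = save_pdf(cache, "2301.00001v2", b"%PDF-1.4 constructed sample")
        inside = Path(cache).resolve() in Path(where).parents
        refused, why = save_pdf(cache, "../../escape", b"x")
        return {"ok": ok, "inside": inside, "refused": refused, "why": why}


if __name__ == "__main__":
    print(unsafe_pdf_path("/tmp/arxiv-cache", "../../etc/cron.d/x"))
    print(demo())
```

Until the skill's own path handling is fixed, this is also the check to apply by hand: refuse any fetch or log ID that does not match the arXiv format, and treat a resolved destination outside the cache as a hard error rather than a warning.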

Missing User Warnings

Severity: Low
Confidence: 86%
Finding: The skill explicitly advertises local caching, PDF download, and research tracking, but the description does not clearly warn users that downloaded papers, metadata, and logs may persist on disk and reveal their research interests over time. This is a real privacy and transparency issue, especially on shared workspaces or managed environments, even though it does not by itself enable code execution or direct compromise.

Missing User Warnings

Severity: Medium
Confidence: 83%
Finding: The fetch operation performs a network download and persistent local file writes without any explicit disclosure, confirmation, or dry-run behavior. In an agent-skill context, silent side effects are more dangerous because users may expect informational retrieval but instead trigger durable filesystem changes and storage of untrusted remote content.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding: The log operation persistently stores paper metadata and free-form notes in a local markdown file without warning the user that the data will be retained. In an agent context this can expose sensitive research interests, notes, or operational context through unintended local persistence.

Missing User Warnings

Severity: Medium
Confidence: 85%
Finding: The export feature writes a JSON file containing accumulated research-log data without informing the user about the new artifact or its contents. In this skill context, silent export increases the risk of sensitive research history being left behind in predictable locations where other tools or users may access it.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal