Skill v0.1.4

ClawScan security

paper-parser-skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 15, 2026, 3:47 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill appears to do what it says (download arXiv PDFs and send them to MinerU for parsing), but there are metadata inconsistencies and privacy implications that warrant caution before installing or providing credentials.
Guidance
This tool will download PDFs locally and upload them to the MinerU service for parsing — only provide a MinerU token if you trust that service and avoid uploading confidential/unpublished material. Before installing: (1) Inspect the GitHub repo and PyPI package contents to confirm behavior; (2) Note the metadata mismatch: the registry omitted the required MINERU_API_TOKEN even though SKILL.md requires it—ask the publisher to correct metadata if you rely on registry info; (3) Use a dedicated, revocable token with minimal scope; store it securely in ~/.paper-parser/config.yaml and limit file permissions; (4) Install inside a virtualenv or container to limit blast radius from third-party code; (5) If you need offline parsing or cannot share PDFs, seek local alternatives. If you want higher assurance, request the actual package source and hashes or run the package in an isolated environment and audit network activity on first run.

Review Dimensions

Purpose & Capability
note: The skill's declared purpose (search/download/parse arXiv papers using MinerU) aligns with the instructions: it requires a MinerU API token and a local workspace. However, the registry metadata shown earlier lists no required environment variables or primary credential while the SKILL.md explicitly requires MINERU_API_TOKEN in the config file — this metadata mismatch is an incoherence that should be resolved.
Instruction Scope
ok: Runtime instructions are scoped to searching arXiv, downloading PDFs to a local workspace, and uploading PDFs/metadata to MinerU for parsing. The SKILL.md explicitly warns about external processing and recommends not uploading sensitive documents. It does not instruct reading other unrelated system files or credentials.
Install Mechanism
note: There is no platform-level install spec (instruction-only). The SKILL.md tells users to pip install the package from PyPI, which is a standard but non-trivial install action (third-party code executed locally). This is expected for a CLI Python tool but carries the usual risks of executing third-party packages — the doc recommends using a virtualenv/container.
Credentials
concern: The runtime requires a MinerU API token (MINERU_API_TOKEN) stored in ~/.paper-parser/config.yaml; that credential is appropriate for the stated parsing functionality. The concern is the mismatch between registry metadata (which lists no required env vars/credentials) and the SKILL.md (which lists the token as required). That inconsistency can mislead users about what secrets will be needed and stored. Also note the token grants external upload/processing rights—store a revocable, minimal-scope token and avoid uploading sensitive documents.
Persistence & Privilege
ok: The skill is user-invocable and not forced-always. It requests a per-skill config file in the user's home directory and stores downloaded PDFs in a workspace; it does not request system-wide privileges or to modify other skills. No signs of elevated persistent platform privilege are present.