Arxiv Cli Tools
Advisory
Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Note
High Confidence
ASI04: Agentic Supply Chain Vulnerabilities
What this means
Installing the package will trust code from PyPI under that package name.
Why it was flagged
The skill instructs users to install an external PyPI package, and the artifact set does not include the package code or a pinned version. This is common for CLI tools and aligned with the stated purpose, but it is still a supply-chain point users should notice.
Skill content
pipx install arxiv-cli-tools ... pip install arxiv-cli-tools
Recommendation
Prefer pipx, verify the PyPI project and maintainer before installing, and consider pinning a known version if reproducibility matters.
