Skill v1.0.1

ClawScan security

arXiv Paper Digest · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Scanned: Mar 12, 2026, 3:39 PM
Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary
The skill appears to do what it says (fetch trending papers from HuggingFace and format summaries) and does not request unrelated credentials or suspicious network endpoints, but there are a few inconsistencies between the documentation/metadata and the included script you should note before installing.
Guidance
This skill is mostly coherent and does what it claims: it fetches HuggingFace's daily_papers API and formats summaries without requiring credentials. Before installing, note these gaps and act accordingly:

- The SKILL.md says it will track history/deduplicate and push digests to QQ/Notion, but scripts/fetch_papers.py does not implement history file writes or messaging integrations — expect the agent or additional code to handle delivery and deduplication.
- Metadata declares modifiesLocalFiles; the script currently only prints output. If you need local history, review or add explicit, safe file-write code and verify where files are stored (use an isolated workspace).
- Ensure network access to huggingface.co is acceptable in your environment. The script contacts only HF endpoints (no hidden endpoints or credential exfiltration detected).
- Install the requests dependency in a controlled environment (virtualenv) before running, and inspect future versions for any added endpoints or credential requirements.

If the author intends automated delivery or persistent history, ask them to provide the code that performs those actions so you can review it prior to enabling cron/automation.

Review Dimensions

Purpose & Capability (note)
Name/description (arXiv paper digest via HuggingFace Trending) aligns with the script and metadata: the script calls HuggingFace's daily_papers API and formats JSON/Markdown summaries. Required binary (python3) and dependency (requests) are reasonable for this task. Minor mismatch: SKILL.md and metadata mention deduplication/history tracking and automated delivery, but the provided script does not implement writing a history file or pushing to QQ/Notion.

Instruction Scope (note)
SKILL.md instructs the agent to fetch from HuggingFace and optionally run a cron payload to push to QQ/Notion; the script only fetches and prints JSON/Markdown to stdout. The documentation claims local history/deduplication but the script contains no file-read/write for history. The instructions do not ask for unrelated files, secrets, or external endpoints beyond HuggingFace and arXiv links.

Install Mechanism (ok)
No install spec (instruction-only plus a small script). No downloads from arbitrary URLs or package managers beyond an expected PyPI dependency (requests). This is a low-risk install footprint.

Credentials (ok)
The skill declares no required environment variables or credentials and the code does not access secrets or other env vars. Network access is limited to huggingface.co (HF API) and constructs arXiv/HF links only — proportional to purpose.
Persistence & Privilege (ok)
The always flag is false and the skill does not request elevated or persistent platform privileges. Metadata states it may modify local files, but the included script does not actually write files; this mismatch should be clarified but is not itself an elevated privilege.