ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

arxiv watcher

v1.0.0

Search and summarize papers from ArXiv. Use when the user asks for the latest research, specific topics on ArXiv, or a daily summary of AI papers.

0· 50·0 current·0 all-time
by@modestyrichards
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: a small bash script queries the public arXiv API and SKILL.md describes searching, summarizing, and optionally fetching PDFs. All requested artifacts (no creds, no external services) are consistent with an arXiv watcher.
Instruction Scope
The runtime instructions mandate automatically appending every discussed paper (title, authors, date, summary, link) to memory/RESEARCH_LOG.md. That is coherent with 'long-term tracking' but is a persistent side effect users should expect. It also suggests using 'web_fetch' to download PDFs for deeper extraction — expected for deeper summaries but means the skill may download arbitrary PDF content from arXiv links when invoked.
Install Mechanism
No install/spec or third-party downloads; the included script is a tiny curl invocation against the official export.arxiv.org API. Low install risk.
Credentials
No environment variables, secrets, or external credentials requested. The skill does not require unrelated credentials or config paths.
Persistence & Privilege
The skill is not always-enabled and can be invoked by the user, but it requires write access to memory/RESEARCH_LOG.md and mandates appending entries. Writing to agent memory is a normal pattern but is a persistent capability you should accept explicitly.
Assessment
This skill is small and consistent with its purpose, but it will automatically store summaries in memory/RESEARCH_LOG.md and may download PDFs when asked. Before installing, decide whether automatic persistent logging of viewed/summarized papers is acceptable for your workflow and whether any content you query could be sensitive. If you'd prefer not to keep persistent logs, ask the skill author (or modify SKILL.md) to make appending optional or to prompt before writing. Also test with non-sensitive queries first and inspect memory/RESEARCH_LOG.md so you know what is being stored.

Like a lobster shell, security has layers — review code before you run it.

latestvk9738jkfjr5bw8q0z3ryy661vh84rqgb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments