arxiv

Security checks across malware telemetry and agentic risk

Overview

This arXiv research skill is purpose-aligned and disclosed, with optional MongoDB reading-list storage that users should enable only if they want persistence.

Install this if you want an arXiv helper that can search papers, fetch details, and download PDFs. Leave the MongoDB variables unset if you only want read-only arXiv use; if you do set MONGODB_URI, point it at a dedicated, limited-purpose database, because saved papers and reading status may reveal research interests.
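The least-privilege setup described above, as an added example rather than the skill's own code: a Python configuration loader that stays read-only unless MONGODB_URI is set, and when it is set, refuses URIs that do not name a dedicated database or that point at a MongoDB system database, and masks the password before the URI can reach a log line. Only the variable name MONGODB_URI comes from the page; the function names, the dataclass fields, the system-database list and the error texts are my assumptions.

```python
"""Gate optional MongoDB persistence on MONGODB_URI and refuse risky targets.

Added example, not the skill's own code. MONGODB_URI is the only name taken
from the page; the checks, field names and error texts are assumptions.
"""
from dataclasses import dataclass, field
from typing import Mapping, Optional
from urllib.parse import urlsplit

# MongoDB system databases: a reading list must never be stored in these.
SYSTEM_DBS = frozenset({"admin", "local", "config"})
ALLOWED_SCHEMES = ("mongodb", "mongodb+srv")


@dataclass(frozen=True)
class SkillConfig:
    persistence: bool                   # False -> read-only arXiv use, no DB client
    db_name: Optional[str] = None       # dedicated database for the reading list
    uri: Optional[str] = field(default=None, repr=False)  # raw URI, driver-only
    redacted_uri: Optional[str] = None  # password masked, safe to log


def redact_uri(uri: str) -> str:
    """Mask the password so the URI can appear in logs or error messages.

    Works on the raw netloc string, so multi-host URIs such as
    mongodb://h1:27017,h2:27017/db do not trip urlsplit's port parsing.
    """
    parts = urlsplit(uri)
    netloc = parts.netloc
    if "@" in netloc:
        creds, _, hosts = netloc.rpartition("@")
        user, has_password, _ = creds.partition(":")
        if has_password:
            netloc = f"{user}:***@{hosts}"
    query = f"?{parts.query}" if parts.query else ""
    return f"{parts.scheme}://{netloc}{parts.path}{query}"


def validate_uri(uri: str) -> Optional[str]:
    """Return a rejection reason, or None if the URI names a dedicated database."""
    parts = urlsplit(uri)
    if parts.scheme not in ALLOWED_SCHEMES:
        return "MONGODB_URI must use mongodb:// or mongodb+srv://"
    db_name = parts.path.lstrip("/")
    if not db_name:
        return "MONGODB_URI must name a dedicated database, e.g. .../arxiv_reading_list"
    if db_name in SYSTEM_DBS:
        return f"refusing to keep the reading list in system database {db_name!r}"
    return None


def build_config(env: Mapping[str, str]) -> SkillConfig:
    """Read-only unless MONGODB_URI is set; validate it before any connection."""
    uri = env.get("MONGODB_URI", "").strip()
    if not uri:
        # Variable unset: no driver import, no client, no outbound connection.
        return SkillConfig(persistence=False)
    problem = validate_uri(uri)
    if problem:
        raise ValueError(f"{problem} (got {redact_uri(uri)})")
    db_name = urlsplit(uri).path.lstrip("/")
    return SkillConfig(True, db_name, uri, redact_uri(uri))


def open_reading_list(config: SkillConfig):
    """Create the driver client only when persistence was explicitly enabled."""
    if not config.persistence:
        return None
    from pymongo import MongoClient  # imported lazily; never loaded in read-only mode
    client = MongoClient(config.uri, serverSelectionTimeoutMS=3000)
    return client[config.db_name]


if __name__ == "__main__":
    # Constructed environments with made-up credentials, not real ones.
    print(build_config({}))
    cfg = build_config({"MONGODB_URI": "mongodb://reader:s3cret@db.example.test:27017/arxiv_reading_list"})
    print(cfg.persistence, cfg.db_name, cfg.redacted_uri)
    for bad in ("mongodb://reader:s3cret@db.example.test/admin", "mongodb://db.example.test"):
        try:
            build_config({"MONGODB_URI": bad})
        except ValueError as exc:
            print("rejected:", exc)
```

The raw URI is excluded from the dataclass repr so that an exception or debug dump of the config cannot leak the password; only the redacted form is printable. The driver import sits inside open_reading_list so a read-only deployment never even loads the MongoDB client.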

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Description-Behavior Mismatch

Severity: Medium
Confidence: 86%
Finding:
The skill’s stated purpose is arXiv search/download/summarization, but it also initializes optional MongoDB-backed persistence for a reading list. This expands the skill’s data access and external connectivity beyond the declared scope, which can surprise users and create unnecessary data-handling risk in agent environments where least privilege and transparency matter.

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%
Finding:
The code reads database credentials from environment variables and attempts to connect to MongoDB even though database access is not necessary for basic arXiv lookup or PDF download. In an agent runtime, this broadens the trust boundary and could expose metadata, saved paper contents, or operational details to an external service without clear user expectation.

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
Finding:
The skill is described only as searching, downloading, and summarizing arXiv papers, but it includes MongoDB client capability. That expands the attack surface and enables persistence or exfiltration behavior not required by the stated functionality, which is suspicious in this context even if it may have been added for caching or storage.

Vague Triggers

Severity: Medium
Confidence: 96%
Finding:
The trigger phrase "paper" is highly generic and commonly used in everyday conversation, so it can cause the skill to activate outside the intended academic-research context. This increases the chance of accidental invocation, prompt routing mistakes, or untrusted content being handled when the user did not intend to use the arXiv skill.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding:
The trigger set includes several broad phrases, "paper", "find papers", and "search papers", without strong contextual constraints, so activation is likely in ordinary conversation that has nothing to do with research. In an agent ecosystem this can lead to inappropriate tool selection, unexpected network access, or unintended summarization or download behavior driven by ambiguous user input.
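Both trigger findings above make the same point. As an added example, not SkillSpector's or the skill's own code, the Python below runs a naive substring trigger and a constrained trigger over constructed conversation turns so the false positives (and one false negative of the naive set) are visible. The trigger phrases "paper", "find papers" and "search papers" come from the findings; the context terms, the arXiv identifier pattern and the function names are my assumptions about what a tighter trigger would look like.

```python
"""Naive vs. constrained trigger matching for an arXiv skill.

Added example, not the skill's or the scanner's code. The three broad
trigger phrases are quoted from the findings; everything else is assumed.
"""
import re
from typing import List, Optional, Tuple

# Trigger phrases named in the findings.
BROAD_TRIGGERS = ("paper", "find papers", "search papers")

# Assumed context signals for a constrained trigger (not from the page).
ACTION_PHRASES = ("find papers", "search papers", "papers on", "papers about")
ACADEMIC_CONTEXT = ("arxiv", "preprint", "research", "abstract", "cite", "author")
# New-style arXiv identifier, e.g. 2307.09288 or 2307.09288v2. Four digits,
# a dot and four or five digits can also match other numbers; treat as a hint.
ARXIV_ID = re.compile(r"\b\d{4}\.\d{4,5}(?:v\d+)?\b")


def naive_should_activate(message: str) -> bool:
    """Plain substring match: what a vague trigger set does in practice."""
    text = message.lower()
    return any(trigger in text for trigger in BROAD_TRIGGERS)


def constrained_reason(message: str) -> Optional[str]:
    """Return why the constrained trigger fires, or None if it stays quiet.

    Fires on an arXiv identifier, an explicit mention of arXiv, or an action
    phrase that is accompanied by at least one academic context term.
    """
    text = message.lower()
    if ARXIV_ID.search(text):
        return "arxiv-id"
    if "arxiv" in text:
        return "explicit-arxiv"
    if any(p in text for p in ACTION_PHRASES) and any(c in text for c in ACADEMIC_CONTEXT):
        return "action+context"
    return None


def constrained_should_activate(message: str) -> bool:
    return constrained_reason(message) is not None


# Constructed conversation turns, not real user data.
SAMPLES = [
    "Can you order more printer paper for the office?",
    "I still need to finish the paper for the insurance claim.",
    "Any papers on the new office printer policy?",
    "Summarize 2307.09288 for me.",
    "Find papers on retrieval-augmented generation on arXiv.",
    "search papers about sparse attention in recent preprints",
]


def compare(messages: List[str]) -> List[Tuple[str, bool, bool]]:
    """(message, naive fired, constrained fired) for each turn."""
    return [(m, naive_should_activate(m), constrained_should_activate(m)) for m in messages]


if __name__ == "__main__":
    for message, naive, constrained in compare(SAMPLES):
        print(f"naive={naive!s:5} constrained={constrained!s:5}  {message}")
```

The first three turns fire the naive trigger and none of them should reach an arXiv tool; the fourth turn is an arXiv identifier with no "paper" in it at all, which the naive set misses. Requiring an action phrase plus a context term, or a hard signal such as an identifier, is what keeps the skill from being routed to by accident.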

VirusTotal

All 67 vendors reported this skill as clean (67/67).
