Arxiv Osiris
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: arxiv-osiris
Version: 1.0.4
The skill bundle is designed to search and download research papers from arXiv.org using the `arxiv` Python library. The `SKILL.md` provides clear instructions and dependency declarations without any prompt injection attempts. The `arxiv_search.py` script includes input validation for arXiv IDs to prevent path traversal, and downloads files to a standard user download directory. While there's a minor bug in the `is_valid_arxiv_id` function that might reject some valid arXiv IDs, this makes the validation more restrictive and does not introduce a security vulnerability. There is no evidence of malicious intent such as data exfiltration, unauthorized execution, or persistence mechanisms.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the dependency fetches third-party code from the Python package ecosystem.
The skill depends on an external PyPI package and does not pin a package version. This is expected for an arXiv integration, but users should ensure they install the intended dependency.
pip install arxiv
Install in a virtual environment and consider pinning or verifying the 'arxiv' package version before use.
Using the download command will create PDF files locally from arXiv.
The tool can download PDFs into the user's Downloads folder. This is disclosed and purpose-aligned, and the arXiv ID is validated before download.
download_dir = os.path.join(os.path.expanduser("~"), "Downloads", "arxiv")
...
paper.download_pdf(dirpath=download_dir, filename=f"{arxiv_id}.pdf")
Download only papers you intend to keep, and review downloaded PDFs as you would any file from the internet.
