ArXiv Research
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: arxiv-research
Version: 1.0.0
The skill bundles (both 'arxiv-research' and 'arxiv-osiris' variants, which share identical Python code) are designed to search and download research papers from arXiv.org. The `arxiv_search.py` script uses the legitimate `arxiv` Python library and includes explicit input validation (`is_valid_arxiv_id`) to prevent path traversal and injection attacks when handling arXiv IDs for file downloads. Papers are downloaded to a standard user 'Downloads/arxiv' directory. There is no evidence of data exfiltration, unauthorized execution, persistence mechanisms, or malicious prompt injection attempts in the `SKILL.md` files. The functionality is clearly aligned with its stated purpose.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill may require installing a third-party Python package, so the behavior depends partly on that package and the package source.
The skill depends on the external `arxiv` Python package installed from PyPI. This is expected for the stated purpose, but the dependency is not pinned to a specific version.
metadata: {"openclaw": {"emoji": "📚", "requires": {"bins": ["python"], "pip": ["arxiv"]}, "homepage": "https://arxiv.org"}}
...
pip install arxiv
Install dependencies from a trusted Python environment and consider pinning or reviewing the `arxiv` package version if used in sensitive environments.
Using the download feature will create files on the user's machine under the Downloads folder.
The download command creates a local directory and saves PDFs there. This is disclosed and purpose-aligned, but it is still a local file-writing capability.
download_dir = os.path.join(os.path.expanduser("~"), "Downloads", "arxiv")
os.makedirs(download_dir, exist_ok=True)
...
path = paper.download_pdf(dirpath=download_dir, filename=f"{arxiv_id}.pdf")
Use the download command only for intended papers and periodically review the download folder if storage or file provenance matters.
