ArXiv Watcher for Music Research
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a straightforward ArXiv search helper with no evidence of credential access, exfiltration, persistence, or destructive behavior, though its packaging metadata is slightly inconsistent.
This skill is reasonable to use for ArXiv research. Expect it to contact ArXiv and create local research result files. Before installing, note the minor metadata mismatch and review the small included shell script if your environment treats bundled scripts as executable components.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may expect only instructions, but there is an included executable helper that could be run manually or by an agent.
The package is described as instruction-only while also shipping a script. The script is small and purpose-aligned, but the install/runtime expectations are not fully declared.
No install spec — this is an instruction-only skill. Code file presence: 1 code file(s): scripts/search_arxiv.sh
Review the included script before use and ensure the skill metadata declares any helper script or required runtime dependency such as curl.
The skill still appears benign, but users cannot fully reconcile the packaged metadata with the registry listing.
These embedded metadata values differ from the supplied registry metadata, which lists a different owner ID, slug, and version. This creates provenance/version ambiguity.
"ownerId": "kn7c8ew58zsqxsn7a50925ypk97zzatv", "slug": "arxiv-watcher", "version": "1.0.0"
Publishers should align _meta.json with the registry record so users can verify the package identity and version.