arXiv Search Master
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill is mostly a coherent arXiv search/download tool, but its batch-search input can control output filenames in a way that may write outside the intended output folder.
Use this skill in a virtual environment and be careful with batch JSONL files from untrusted sources. Avoid running batch searches that contain suspicious 'name' fields such as absolute paths or '../' components until the path-handling issue is fixed.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or accidental batch query file could cause the agent to create or overwrite JSON files outside the intended output directory.
The batch-search JSONL input controls query_name, and that value is used directly as part of the output path without sanitizing path separators, parent-directory components, or absolute paths.
query_name = query_spec.get("name", f"query_{index:03d}")
...
output_file = self.output_dir / f"{result['query_name']}.json"
Only use trusted JSONL batch files. The skill should sanitize query names, reject absolute paths and '..' components, and verify that resolved output paths stay inside the chosen output directory.
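The following is an added example of the path handling the finding recommends; it is not code from the audited skill, and the helper names (safe_query_name, resolve_output_path, plan_batch_outputs) and the sample JSONL lines are assumptions constructed for this illustration. It applies an allow-list to the 'name' field, refuses absolute paths, separators and '..' components, and then checks the resolved output path against the resolved output directory so that a name the filter accepted still cannot land outside the folder.

```python
"""Hardened output-path handling for batch JSONL query names.

Added example, not the audited skill's own code. The skill builds
output_dir / f"{query_name}.json" with no checks; these assumed helpers
reject any name that would escape the output directory.
"""
import json
import re
from pathlib import Path

# Allow-list for the filename stem: must start with a letter or digit and
# may then contain letters, digits, '.', '_' or '-'. Separators, NUL and
# whitespace are rejected rather than stripped, so bad input is reported.
_SAFE_STEM = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


class UnsafeQueryName(ValueError):
    """Raised when a batch entry's 'name' cannot be used as a filename."""


def safe_query_name(name, index):
    """Return a filename-safe stem for batch entry `index`, or raise.

    `name` is the raw 'name' field from the JSONL line (None if absent).
    """
    if name is None:
        return f"query_{index:03d}"  # same default the skill uses
    if not isinstance(name, str):
        raise UnsafeQueryName(f"entry {index}: 'name' must be a string")
    # Explicitly refuse absolute paths and any path separator, so that
    # '../x', '/x' and 'a\\b' never reach the path join.
    if Path(name).is_absolute() or "/" in name or "\\" in name:
        raise UnsafeQueryName(f"entry {index}: path components in {name!r}")
    # The allow-list also rejects '.' and '..' (no leading dot allowed).
    if not _SAFE_STEM.match(name):
        raise UnsafeQueryName(f"entry {index}: invalid characters in {name!r}")
    return name


def resolve_output_path(output_dir, stem):
    """Build output_dir/<stem>.json and verify it stays inside output_dir."""
    base = Path(output_dir).resolve()
    candidate = (base / f"{stem}.json").resolve()
    # Containment check on resolved paths catches what the name filter
    # cannot see, e.g. an existing symlink <stem>.json pointing elsewhere.
    if candidate.parent != base:
        raise UnsafeQueryName(f"{candidate} escapes {base}")
    return candidate


def plan_batch_outputs(jsonl_text, output_dir):
    """Parse JSONL entries; map index -> ('ok', path) or ('rejected', why)."""
    results = {}
    for index, line in enumerate(jsonl_text.splitlines()):
        if not line.strip():
            continue
        spec = json.loads(line)
        try:
            stem = safe_query_name(spec.get("name"), index)
            results[index] = ("ok", str(resolve_output_path(output_dir, stem)))
        except UnsafeQueryName as exc:
            results[index] = ("rejected", str(exc))
    return results


# Constructed sample batch (not from the audited skill): one benign entry,
# one with no name, and two that try to write outside the output directory.
SAMPLE_JSONL = "\n".join([
    json.dumps({"name": "transformers_2023", "query": "ti:transformer"}),
    json.dumps({"query": "au:hinton"}),
    json.dumps({"name": "../../outside", "query": "ti:x"}),
    json.dumps({"name": "/tmp/outside", "query": "ti:x"}),
])

if __name__ == "__main__":
    for idx, (status, detail) in plan_batch_outputs(SAMPLE_JSONL, "results").items():
        print(idx, status, detail)
```

Rejecting instead of silently rewriting a bad name is deliberate: a batch file whose entries are being renamed or dropped without notice is exactly the kind of input an operator should be told about, and the containment check on resolved paths is what protects against cases the regex alone does not cover.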
Future dependency versions could change behavior or introduce supply-chain risk, although this is a common and purpose-aligned setup pattern.
The skill instructs installing Python packages, and the dependency versions are lower-bounded rather than pinned to exact versions or hashes.
arxiv>=1.4.8
requests>=2.28.0
urllib3>=1.26.0
pandas>=1.5.0
numpy>=1.23.0
Install in an isolated virtual environment and prefer pinned, reviewed dependency versions for reproducible use.
