Skill v1.0.1

ClawScan security

arXiv Search Master · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 12, 2026, 8:50 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code, docs, and runtime instructions are consistent with an arXiv search/download/summarize tool and do not request unrelated credentials or hidden network endpoints.
Guidance
This package appears coherent and limited to arXiv interactions. Before running: (1) review scripts/utils.py locally to confirm there are no unexpected filesystem/network actions in your copy; (2) install requirements in an isolated Python environment (venv/container); (3) run the tool with non-privileged user rights because it writes files to output/; (4) if you enable optional LLM summarization later, you will need to provide API keys — verify those integrations before supplying secrets. If you need higher assurance, run it first in a sandbox and inspect runtime network traffic to confirm it only talks to arxiv.org.

Review Dimensions

Purpose & Capability
ok: Name/description match behavior: scripts implement search, batch search, download, metadata export, and summarization against arXiv. Required resources (none declared) align with a client-only tool; the included requirements.txt lists standard Python libraries one would expect for this functionality.
Instruction Scope
ok: SKILL.md and the scripts instruct the agent to call arXiv APIs (via the arxiv package) and download PDFs from arxiv.org. Inputs referenced are user-supplied (queries, id lists, metadata files). There are no instructions to read unrelated system files, environment secrets, or to transmit data to endpoints outside arxiv.org or local output directories.
Install Mechanism
note: There is no automated install spec; the package is distributed as code + requirements.txt. Dependencies are standard PyPI packages (arxiv, requests, pandas, etc.). Because there is no install step declared, operators must manually pip-install requirements before running — this is operational, not a hidden-code download risk. No remote download/extract URLs or obscure installers are present.
Credentials
ok: The skill declares no required environment variables, no primary credential, and no special config paths. Optional/commented lines reference possible LLM libraries (openai/transformers), but these are not required and would need explicit configuration (API keys) to be used.
Persistence & Privilege
ok: Skill is not always-enabled, is user-invocable, and does not request to modify other skills or system-wide settings. It writes outputs to local output/ directories, as expected for a downloader/analysis tool.