v1.0.4

arXiv Research Assistant

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:25 AM.

Analysis

This appears to be a coherent arXiv research helper, with normal notes around optional MongoDB storage, local PDF downloads, and third-party Python dependencies.

Guidance: This skill looks reasonable for arXiv research use. Before installing, be aware that it can download PDFs locally, may use MongoDB credentials if you configure them, and relies on third-party Python packages. Use a dedicated limited MongoDB credential and treat retrieved paper text as research content, not assistant instructions.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low; Confidence: High; Status: Note
arxiv_tool.py
dl_parser.add_argument("--output", default="./papers", help="Output directory") ... paper.download_pdf(dirpath=output_dir, filename=filename)

The tool can create a local directory and download PDFs to a user-selected path. This matches the advertised download feature, but it is still a local file-write capability users should notice.

User impact: The assistant can save paper PDFs onto the local filesystem when asked to download papers.
Recommendation: Confirm the intended download directory, especially if using shared or synced folders.

Agentic Supply Chain Vulnerabilities
Severity: Low; Confidence: High; Status: Note
requirements.txt
arxiv>=2.0.0
pymongo>=4.0.0

The skill depends on third-party Python packages with minimum-version ranges rather than pinned versions. These dependencies are expected for the stated functionality, but version ranges reduce reproducibility.

User impact: Future installs could resolve to newer dependency versions than the author tested.
Recommendation: Install from trusted package indexes and consider pinning reviewed dependency versions in controlled environments.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium; Confidence: High; Status: Note
arxiv_tool.py
MONGO_URI = os.getenv('MONGODB_URI', '') ... mongo_client = MongoClient(MONGO_URI) ... self.db.papers.update_one(..., upsert=True)

If a MongoDB connection string is configured, the skill uses that credential to read and write a papers collection for the reading-list feature. This is disclosed and purpose-aligned, but the credential may carry broader database privileges.

User impact: A MongoDB URI provided to the environment may allow the skill to store and update saved-paper records in that database.
Recommendation: Use a dedicated MongoDB database or user with minimal permissions for this skill, rather than a broad production credential.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low; Confidence: High; Status: Note
arxiv_tool.py
"abstract": paper.summary[:500] + "..." if len(paper.summary) > 500 else paper.summary

The skill retrieves external paper metadata and abstracts and may present them to the assistant for analysis. This is central to the research purpose, but retrieved academic text should be treated as untrusted content rather than instructions.

User impact: Paper abstracts or PDFs could contain text that influences an assistant's response if the assistant treats it as authoritative instructions.
Recommendation: Treat arXiv content as source material only, and avoid following instructions embedded inside papers or abstracts.