ArXiv Watcher

Security checks across malware telemetry and agentic risk

Overview

This skill searches ArXiv and keeps a local research log; that logging is disclosed and consistent with its research-tracking purpose.

Install it only if you are comfortable with the agent keeping a local `memory/RESEARCH_LOG.md` of the papers it discusses. Avoid using it for sensitive or confidential research topics unless you are willing to have those summaries retained locally, and periodically review or delete the log as needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium (96% confidence)
Finding
The manifest frames the skill as ArXiv search and summarization, but the documentation adds persistent local logging to `memory/RESEARCH_LOG.md`. This mismatch is security-relevant because it expands the skill from transient retrieval into data retention without clearly disclosing that broader behavior.

Description-Behavior Mismatch

Medium (97% confidence)
Finding
The workflow makes file writes to `memory/RESEARCH_LOG.md` mandatory for any discussed paper, which exceeds the stated search/summarize scope and creates persistent records automatically. Automatic persistence can capture sensitive research interests or user queries without consent, increasing privacy and data-governance risk.

Missing User Warnings

Medium (95% confidence)
Finding
The skill instructs automatic writes to a memory log without warning the user that data will be stored persistently. This is dangerous because users may reveal research topics, projects, or interests assuming a transient interaction, while the skill silently retains that information.

VirusTotal

66/66 vendors flagged this skill as clean.
