arxiv-to-obsidian

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it fetches public arXiv AI paper metadata, translates it with the local Claude CLI, and writes a scoped daily note to Obsidian.

Install this only if you want automatic arXiv-to-Obsidian note writes. Before first use, review scripts/config.sh, confirm VAULT_NAME and VAULT_FOLDER, run with DRY_RUN=1, and make sure you are comfortable using your local Claude CLI account to translate public arXiv metadata.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding: The skill directs the agent to use shell-capable interfaces such as an `obsidian` command and helper scripts, but it declares no explicit permissions or trust boundaries. This creates a capability mismatch: an agent may invoke local commands or scripts without clear authorization, increasing the risk of unintended command execution, access to local resources, or policy bypass in environments that rely on declared permissions for enforcement.

Vague Triggers

Medium
Confidence: 75%
Finding: The trigger description is broad enough to match common requests about arXiv papers, summaries, daily digests, or syncing to notes, which can cause the skill to activate in situations the user did not intend. Because the skill performs external fetching, translation, and note-writing, accidental activation can lead to unwanted network activity and unintended modification of Obsidian content.

Missing User Warnings

Medium
Confidence: 84%
Finding: Paper titles and abstracts are transmitted to an external Claude CLI without any visible disclosure, consent, or policy gate. Even if arXiv metadata is usually public, this creates an undisclosed data egress path and normalizes sending content to third-party AI services, which becomes more sensitive if the input source later expands beyond public papers.

Ssd 1

Medium
Confidence: 95%
Finding: Untrusted paper titles and abstracts are embedded directly into a natural-language prompt, and the code relies on the model to return a precise JSON structure. Malicious or crafted paper text can inject instructions (for example, overriding the format requirements), causing malformed output, content substitution, or denial of service in the translation pipeline; the skill context makes this more plausible because arXiv metadata is external, uncontrolled content.

VirusTotal

65/65 vendors reported this skill as clean.