Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Arxiv Skill Learning

v1.0.0

Orchestrates the continuous learning of new skills from arXiv papers. Use this to trigger a learning cycle, which fetches papers, extracts code/skills, and s...

by WANGJUNJIE @wanng-ide
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description align with the code: it finds papers, calls a paper_client and an extractor, runs a smoke test, and records learned papers. However, SKILL.md claims a 'Solidify: Commits the new skill to the workspace' step and an hourly schedule; the index.js implementation does not perform any commit, publishing, or scheduling. That is a clear mismatch between documentation and implementation.
Instruction Scope
index.js requires local modules (paper_client and arxiv-skill-extractor) and will execute a smokeTestCommand returned by the extractor using child_process.exec with cwd set to the workspace root. Running extractor-provided shell commands in the agent's workspace is high-risk if extractor or its outputs are untrusted. The code also writes a learned_papers.json into the workspace memory path — reading/writing workspace state is expected for an orchestrator but combined with arbitrary command execution increases blast radius.
Install Mechanism
There is no install spec (instruction-only plus a local index.js). Nothing is downloaded from the network by the skill itself. That lowers supply-chain risk, but the code does spawn shell commands, which is an execution-time risk rather than an install-time risk.
Credentials
The skill requests no environment variables or external credentials — that is proportional and good. However, it executes commands inside WORKSPACE_ROOT and reads/writes memory/evolution/learned_papers.json. Because smokeTestCommand originates from the extractor, lack of credential demands doesn't eliminate the potential for the extractor to run arbitrary actions with the agent's filesystem privileges.
Persistence & Privilege
always:false (no forced always-on). The skill persists learned paper metadata to the workspace (memory/evolution/learned_papers.json) which is within expected scope. Autonomous invocation is allowed (platform default); combined with the ability to run extractor-supplied commands this raises the importance of trusting the extractor and paper_client modules.
What to consider before installing
This skill's stated purpose matches what the code mostly does, but there are two issues to consider before installing:

(1) SKILL.md promises a 'commit'/'solidify' step and scheduled runs that the code does not implement — expect the skill to only extract, smoke-test, and record metadata unless additional code exists elsewhere.

(2) The extractor supplies a smokeTestCommand which this skill executes via child_process.exec in the workspace root. If the extractor or paper_client modules (required from relative paths) are untrusted or can be influenced by external inputs, that command execution could run arbitrary shell commands with the agent's workspace permissions.

Recommendations: only install if you audit or control the local modules ../arxiv-paper-reviews/paper_client and ../arxiv-skill-extractor; run the skill in an isolated sandbox or CI runner with limited filesystem/network permissions; add validation/whitelisting of smokeTestCommand (or run tests in a container); and reconcile the SKILL.md vs actual behavior (committing and scheduling) so you understand what will happen.

If you cannot verify the extractor and paper_client code, treat this skill as risky and avoid granting it access to sensitive workspaces.
