Arxiv Watcher Hardened

Security checks across malware telemetry and agentic risk

Overview

This ArXiv helper is purpose-aligned and disclosed, but it automatically keeps a local research log that users should know about.

Install only if you are comfortable with ArXiv queries leaving your environment and summarized paper details being saved locally in memory/RESEARCH_LOG.md. Review or delete that log for sensitive research topics, and treat fetched abstracts or PDFs as untrusted text.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill advertises shell-backed behavior via `scripts/search_arxiv.sh` but does not declare permissions or constraints for that capability. Hidden execution capability increases risk because users and hosting systems cannot accurately assess or sandbox what the skill may execute, and query data may be passed into a shell context.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The skill description frames itself as search and summarization, but it also includes automatic persistent storage to `memory/RESEARCH_LOG.md`. This is a scope expansion that can cause unanticipated retention of user interests, research topics, or sensitive queries without being clearly disclosed in the manifest.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The workflow makes appending discussed papers to a local memory file mandatory for every interaction, which exceeds the stated search/summarize function. Mandatory persistence creates privacy and data-minimization risks because even benign research requests may reveal confidential interests, plans, or internal projects over time.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill states that summarized papers are automatically saved to a memory file, but it does not provide an explicit user-facing warning or obtain consent for persistent storage. This is dangerous because user queries about niche research topics, internal initiatives, or personal interests can be silently retained across sessions.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The workflow uses a bolded `MANDATORY` instruction to append every discussed paper to `memory/RESEARCH_LOG.md` without a clear consent step. The mandatory nature makes the issue more dangerous because it removes operator discretion and guarantees retention even when the paper topic may be sensitive or unnecessary to store.

VirusTotal

66/66 vendors flagged this skill as clean.
