Skill v1.0.2

ClawScan security

arxiv-paper-searcher · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 4, 2026, 6:59 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, instructions, and requested resources are consistent with an arXiv searching/monitoring tool; it reads/writes a local config file and builds cron payloads but does not request unrelated credentials or hidden endpoints.
Guidance
This skill appears internally consistent with its description. Before installing or enabling it, note:
1) it requires access to the network (to query arXiv) and the Python 'arxiv' package — the skill will prompt to pip install it if missing;
2) it will create and update a local config file at ~/.openclaw/workspace/skills/arxiv-paper-searcher/config.json (unless you override OPENCLAW_SKILL_ROOT), which stores query parameters and any bound job_id;
3) the cron builder only creates JSON payloads — actually registering/updating an OpenClaw cron job requires running the OpenClaw cron command or allowing the agent to call that CLI/API explicitly;
4) scheduled pushes default to sessionTarget: current, meaning results will be posted back into the conversation where the job was created (do not delete that conversation if you want continuity).
No credentials or hidden external endpoints are requested. If you need higher assurance, review the three included scripts locally and verify you are comfortable installing the 'arxiv' Python package and allowing the agent to run the OpenClaw cron command when creating monitoring jobs.

Review Dimensions

Purpose & Capability
ok: The name/description (search, analyze, optionally schedule monitoring) matches the included scripts: arxiv_search.py performs arXiv queries and outputs JSON, config_manager.py saves query/job metadata, and openclaw_cron_builder.py constructs OpenClaw cron payloads. There are no unrelated environment variables, binaries, or credentials requested.
Instruction Scope
note: SKILL.md instructs the agent to run the provided Python scripts, save a local config.json under ~/.openclaw/workspace/skills/arxiv-paper-searcher, and (after user consent) create OpenClaw cron jobs. The scripts only access the local config path and use the arxiv library/network to fetch papers. One practical caveat: the code does not invoke the OpenClaw CLI automatically. openclaw_cron_builder only generates the JSON payload; creating or updating the actual cron job requires running the OpenClaw cron command or having the agent call it. All file reads/writes are limited to the skill's config path (or an override via OPENCLAW_SKILL_ROOT).
Install Mechanism
ok: No install spec in registry. The Python scripts depend on the public 'arxiv' package (arxiv_search.py will abort with an instructive message if missing). No downloads from untrusted URLs or archive extraction occur. Consumers should ensure Python and the 'arxiv' package are installed in the agent environment.
Credentials
ok: The skill declares no required environment variables or credentials. Only an optional OPENCLAW_SKILL_ROOT env var (used to override config directory) appears in code, which is proportionate to allowing custom install locations. The skill does not request tokens, keys, or other secrets.
Persistence & Privilege
ok: 'always' is false. The skill writes/reads a local config.json to store query parameters and job binding metadata — this is consistent with its stated purpose. It does not modify other skills' configs or system-wide settings. It does not automatically create cron jobs; it only generates payloads for cron operations, so actual scheduler changes require an additional explicit action.