ai-paper-researcher

Pass

Audited by ClawScan on May 11, 2026.

Overview

This skill appears purpose-aligned: it searches arXiv, downloads selected PDFs, and keeps a local paper list, with normal dependency, network, and persistence considerations.

This skill looks safe for its stated purpose. Before using it, be aware that your search terms go to arXiv, selected PDFs will be downloaded into the local paper_list workspace, and a CSV history of downloaded papers will persist for deduplication. Install the Python dependencies in an isolated environment if possible.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A misleading paper comment could affect whether a paper is downloaded, though the artifacts do not show any prompt-injection behavior.

Why it was flagged

The agent uses externally sourced arXiv metadata to decide which papers qualify for top-tier filtering. This is purpose-aligned, but the metadata should be treated as data, not as instructions.

Skill content

Carefully review the `comment` field in the JSON of each candidate paper.

Recommendation

If using strict conference filtering, ask the agent to show candidate comments or verify venues before downloading.

What this means

Using the skill can create local PDF files and update the paper list without per-file confirmation after the agent selects papers.

Why it was flagged

The helper performs external HTTP downloads and writes PDF files locally. This matches the skill’s purpose, but it is still a file-system side effect.

Skill content

response = requests.get(pdf_url, stream=True, timeout=60, headers=headers) ... with open(filepath, 'wb') as f:

Recommendation

Ask the agent to list candidates first if you want to approve downloads individually.

What this means

Installing unpinned packages can produce different dependency versions over time.

Why it was flagged

The README requires manual installation of Python dependencies without pinned versions. This is expected for the tool, but dependency provenance and versioning are not locked down.

Skill content

pip install arxiv requests

Recommendation

Install dependencies in a trusted, isolated Python environment and consider pinning package versions.

What this means

The local paper list persists across uses and can affect future downloads by marking papers as already downloaded.

Why it was flagged

The tool creates and later reuses a persistent CSV record of downloaded papers for deduplication.

Skill content

writer.writerow(['arxiv ID', 'title', 'abstract'])

Recommendation

Review or edit the local paper_list.csv if deduplication results seem wrong or if you want to clear the local history.