Arxiv Agentic Verifier
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: arxiv-agentic-verifier
Version: 1.0.0
The skill `arxiv-agentic-verifier` is classified as **suspicious** due to its core functionality involving the execution of arbitrary user-provided code. The `index.js` file uses `child_process.execSync` to run Python or Node.js code that is written to a temporary file. While this capability is central to the skill's stated purpose of code verification and the `SKILL.md` includes an explicit security warning ("This skill executes code provided to it. Use in a restricted environment or sandbox."), it represents a significant Remote Code Execution (RCE) vulnerability if the OpenClaw agent's execution environment is not adequately sandboxed. There is no evidence of intentional malicious behavior such as data exfiltration or backdoor installation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Untrusted or malicious candidate code could read, modify, or delete local files, access environment variables, use the network, or otherwise act with the user's local permissions.
The skill writes caller-supplied code to a local file and executes it with the host Python or Node interpreter. The only containment shown is a 5-second timeout, not a sandbox.
fs.writeFileSync(filepath, code); ... const output = execSync(command, { input: input, timeout: 5000, encoding: 'utf-8' });
Run this only inside a disposable sandbox, VM, or container with restricted filesystem, network, and environment access. Add explicit user confirmation before executing code and declare the Python/Node execution requirement.
Private problem statements, proprietary code, or secrets embedded in code could be sent to OpenAI.
Problem descriptions and candidate code are included in the prompt sent to OpenAI for test generation. This is purpose-aligned, but it is an external provider data flow.
Problem:\n${problemDescription}\n\nCode:\n${candidateCode} ... this.openai.chat.completions.create({ messages: [{ role: "user", content: prompt }], model: "gpt-4-turbo-preview"
Do not submit confidential code or secrets unless that provider use is acceptable. Document the external data flow clearly for users.
The skill can consume the user's OpenAI quota and make requests under that credential.
The skill uses an OpenAI API key for LLM reasoning. This is expected for the stated purpose, and the artifacts do not show hardcoded keys, logging, or unrelated credential use.
const key = apiKey || process.env.OPENAI_API_KEY; ... this.openai = new OpenAI({ apiKey: key });
Use a dedicated, limited API key and monitor usage. The registry metadata should declare the OPENAI_API_KEY requirement.
It is harder to verify maintainership, update history, or whether future releases match the reviewed code.
The registry record provides no source repository or homepage, so provenance review is limited to the submitted artifacts.
Source: unknown
Homepage: none
Install only if you trust the publisher and the provided package contents; prefer a public source repository for future review.
