Skillv1.0.0

ClawScan security

Arxiv Skill Extractor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 15, 2026, 3:30 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code and instructions are mostly coherent with its stated goal of generating skill scaffolds from arXiv papers, but it performs file I/O outside its own directory, depends on a missing local module, and contains path mismatches that could cause unexpected access to workspace files; review before running in a shared workspace.
Guidance: Before installing or running this skill: - Inspect the workspace 'memory/evolution/pending_skill_task.json' (if present) since the skill will read it and may write back status and extracted content. - Ensure you trust or inspect the sibling module arxiv-paper-reviews/paper_client.js that index.js requires — that file is not included and determines how papers are fetched (network calls, remote endpoints, credentials). - Run the skill in a sandbox or isolated workspace first (not in a production project) to see what files it creates under workspace_root/skills and what it writes to memory/evolution. - Note the SKILL.md usage examples path mismatch and that test.js calls main() without args (it will throw unless a pending task exists); provide a paper key when invoking (node index.js <paper_key>) to avoid accidental reads. - If you plan to use this on a shared agent, verify the agent workspace does not contain secrets or sensitive configs at the paths the skill touches. Additional information that would raise confidence to 'high': the missing arxiv-paper-reviews/paper_client.js included or documented, and a clear description of expected workspace layout (what WORKSPACE_ROOT should be) or modification to restrict operations to the skill's own directory.

Review Dimensions

Purpose & Capability: noteThe code creates skill scaffolds (SKILL.md, run.js, paper.json) from a paper object and writes them into a workspace 'skills' folder — this matches the 'extract skill' purpose. Minor inconsistencies: SKILL.md example requires './skills/arxiv-skill-extractor/index.js' which does not match the package layout, and the implementation expects a sibling module '../arxiv-paper-reviews/paper_client.js' that is not present in the bundle.
Instruction Scope: concernThe runtime reads and writes files outside the skill directory: WORKSPACE_ROOT is set to path.resolve(__dirname, "../.."), and the code reads/writes memory/evolution/pending_skill_task.json and writes into workspace/skills/<skillName>. That expands the skill's scope into the agent's workspace and could access unrelated files. The code also relies on getPaper from a local '../arxiv-paper-reviews/paper_client.js' not included here, so actual runtime behavior depends on external code which may perform network I/O or other sensitive actions. The test script calls main() without arguments and will fail or read pending tasks unless a pending file exists.
Install Mechanism: okThere is no install spec and no external downloads; this is an instruction + code-only skill. Nothing is fetched from remote URLs or installed during setup.
Credentials: okThe skill declares no required environment variables, credentials, or config paths. However, it does read/write a workspace-level pending_skill_task.json which might contain sensitive task metadata; no explicit secrets are requested.
Persistence & Privilege: notealways:false and no autonomous-override flags — the skill won't be forcibly included. Still, it writes persistent files into the agent workspace (skills/, memory/evolution/pending_skill_task.json). This is reasonable for a generator tool but increases blast radius if run in a workspace that contains secrets or production configs.