arxiv-skill-hunter
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: arxiv-skill-hunter Version: 1.0.0 This skill is suspicious because it orchestrates a pipeline to automatically generate new Node.js skills from external content (ArXiv papers) via the `arxiv-skill-extractor` module, as seen in `index.js`. While the `arxiv-skill-hunter` itself does not contain direct malicious code, its core function of automating the creation of executable code from potentially untrusted sources introduces a significant supply chain and arbitrary code execution risk. If the ArXiv papers are compromised or the `arxiv-skill-extractor` has vulnerabilities, this skill could be leveraged to generate and potentially execute malicious code within the agent's environment.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A single run could add a new executable skill to the agent workspace based on fetched external content.
The skill invokes an extractor to generate a new runnable skill from a fetched paper and records the generated skill path, but the included code shows no approval, sandboxing, or inspection step before doing so.
const extraction = await extractor.extractSkill(paperKey, { paper: paperDetail });
...
taskData.generatedSkill = {
name: extraction.skillName,
path: extraction.skillPath,
smokeTestCommand: extraction.smokeTestCommand,
};Run only in a sandbox or manual review workflow, and require explicit user approval before any generated skill is added or enabled.
The actual paper-fetching and skill-generation behavior may depend on local code that was not included in this review.
The main behavior depends on sibling modules outside the supplied file manifest, including the code-generation extractor, so the most security-sensitive logic is not reviewable from these artifacts.
const paperClient = require("../arxiv-paper-reviews/paper_client.js");
const extractor = require("../arxiv-skill-extractor/index.js");Review and trust the exact installed versions of arxiv-paper-reviews and arxiv-skill-extractor before using this skill.
Adversarial or low-quality external paper content could become persistent context that later influences the agent or generated skills.
Fetched paper details and generation results are stored under persistent memory paths, where they may be reused by future skills or agent sessions without visible trust boundaries or retention controls.
paper: paperDetail,
status: "pending",
...
fs.writeFileSync(taskFile, JSON.stringify(taskData, null, 2));
...
fs.appendFileSync(
memoryFile,
`\n- [ArxivSkillHunter] Learned from ${paperKey} and generated ${extraction.skillName}.\n`,
);Keep generated memory/task files reviewable, clear them when not needed, and treat external paper content as untrusted input.
A problematic paper or poisoned metadata could influence generated code and persist beyond the current run.
The code automatically chooses the first returned paper, fetches its details, and feeds it directly into the skill-generation pipeline, creating a path for one bad external input to propagate into persistent agent capabilities.
const targetPaper = papers[0];
...
const paperDetail = await paperClient.getPaper(paperKey);
...
const extraction = await extractor.extractSkill(paperKey, { paper: paperDetail });Add filtering, provenance checks, human review, and rollback before promoting any generated skill into the active workspace.