v1.0.0

Arxiv Search

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 7:42 AM.

Analysis

The arXiv metadata workflow is mostly coherent, but the bundled script exposes an undocumented output path option that can redirect file writes beyond the declared papers file.

Guidance: Install only if you are comfortable reviewing the bundled Python code. Use a dedicated workspace, avoid passing custom `--outputs` values, and verify that generated files stay under `papers/`.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium; Confidence: High; Status: Concern
scripts/run.py
parser.add_argument("--outputs", default="") ... outputs = parse_semicolon_list(args.outputs) or ["papers/papers_raw.jsonl"]
out_path = workspace / outputs[0] ... write_jsonl(out_path, records)
_write_csv_index(out_path.with_suffix(".csv"), records)

The output path is taken from an undocumented CLI argument and joined to the workspace without an evident check that it remains under the intended `papers/` path, allowing accidental or agent-supplied path traversal or absolute-path writes.

User impact: A mistaken or manipulated invocation could overwrite or create JSONL/CSV files outside the expected paper metadata location.
Recommendation: Constrain outputs to workspace-relative paths under `papers/`, reject absolute paths and `..` segments, and document any supported custom output option.

Agentic Supply Chain Vulnerabilities
Severity: Info; Confidence: High; Status: Note
metadata
Source: unknown
Homepage: none
No install spec — this is an instruction-only skill.
Code file presence: 8 code file(s)

The skill has no remote install step, which reduces automatic supply-chain risk, but the upstream provenance is limited while bundled helper code is present.

User impact: Users have less external context for verifying who maintains the bundled helper scripts.
Recommendation: Review the bundled source and publisher identity before installation, especially in shared or sensitive workspaces.