Arxiv Batch Reporter
Pass. Audited by ClawScan on May 10, 2026.
Overview
The visible artifacts show a purpose-aligned arXiv report generator that reads local summary files and writes markdown reports, with no evidence of credential use, network calls, hidden persistence, or exfiltration.
This skill appears safe for its stated purpose. Before running it, choose a specific arXiv run directory, keep template and output paths within that directory, and review the generated bundle/template if the summaries contain private or untrusted text.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or invoking the skill may cause the agent to run local Python code that reads and writes report files.
The skill works by running included local Python scripts. This is disclosed and central to the reporting workflow, not hidden execution.
python3 scripts/collect_summaries_bundle.py ... python3 scripts/render_collection_report.py
Run it only from the expected skill directory, and inspect the scripts if you are concerned about local code execution.
If unusual template or output paths are supplied, the script could read from or write to locations outside the intended report directory.
The renderer reads a template path and writes an output path based on command-line arguments. This is expected for the skill, but users should keep paths scoped to the intended run directory.
template_text = template_path.read_text() ... output_path = (base_dir / args.output_file).resolve() ... output_path.write_text(rendered)
Use the documented defaults or simple filenames under the run directory, and avoid absolute paths or '../' path traversal in arguments.
Private or untrusted content in summary.md files may be exposed to the model context or influence the generated report template.
The bundle intentionally includes full summary.md contents for model use. This is purpose-aligned, but any instructions or sensitive text inside summaries can be carried into model context and generated outputs.
"Use all metadata + summary blocks below to produce a hierarchical collection report." ... lines.append(paper["summary_text"].rstrip())
Review summary files and the generated summaries_bundle.md before using it with a model, especially if the summaries came from untrusted sources or contain sensitive information.
