ClawHub
Back to skill
v0.1.1

Arxiv Batch Reporter

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:41 AM.

Analysis

The skill mostly matches its arXiv reporting purpose, but its renderer can read or write paths outside the intended run folder if given unsafe filenames.

GuidanceBefore installing, confirm you are comfortable running the included Python scripts on a chosen arXiv run directory. Use safe, relative filenames for the template and output report, avoid absolute or ../ paths, and review the generated bundle/template if the summary files came from untrusted sources.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityMediumConfidenceHighStatusConcern
scripts/render_collection_report.py
if candidate.is_absolute():
        return candidate
...
template_text = template_path.read_text()
...
output_path = (base_dir / args.output_file).resolve()
rendered = "\n".join(output_lines).rstrip() + "\n"
output_path.write_text(rendered)

The template path may be absolute and the output path is resolved and written without checking that it stays under base_dir, even though the documented workflow is for files under the run directory.

User impactIf the agent or user supplies an absolute path or a ../ path, the script could read a local file as a template or overwrite an accessible file outside the intended arXiv run folder.
RecommendationUse simple filenames such as collection_report_template.md and collection_report.md, and update the script to reject absolute paths, reject .. traversal, verify resolved paths are inside base_dir, and avoid overwriting existing files without confirmation.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceMediumStatusNote
scripts/collect_summaries_bundle.py
Use all metadata + summary blocks below to produce a hierarchical collection report.
...
"#### Full Summary"
...
lines.append(paper["summary_text"].rstrip())

The bundle intentionally includes full summary.md contents for model synthesis, so any instructions or misleading text inside those summaries may influence the model-authored report template.

User impactA bad or contaminated summary file could skew the final report or try to steer the agent away from the intended reporting task.
RecommendationReview or trust the summary.md sources before bundling them, and instruct the agent to treat summary contents only as source data, not as commands or policy.