Skill v0.1.1

ClawScan security

Arxiv Summarizer Orchestrator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Feb 14, 2026, 12:11 PM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
This orchestrator is internally consistent with its stated purpose: it is an instruction-only top-level workflow that composes three sub-skills and does not request unexpected credentials, installs, or system privileges.
Guidance
This orchestrator itself appears coherent and low-risk, but it delegates all network access and downloads to three sub-skills. Before installing or scheduling this skill you should: (1) inspect the source and install metadata for arxiv-search-collector, arxiv-paper-processor, and arxiv-batch-reporter to confirm they come from trusted authors and do not exfiltrate data or call unexpected endpoints; (2) run the workflow in an isolated workspace (dedicated run_dir) with limited filesystem permissions and monitor network activity while testing; (3) verify any scheduling/cron settings, rate-limit configuration, and that language parameters are passed explicitly; (4) confirm no secrets or unrelated system files are needed by the sub-skills. If you can review the three sub-skills and are comfortable with their behavior, this orchestrator is safe to use.

Review Dimensions

Purpose & Capability
ok
The skill's name and description match the runtime instructions: it orchestrates three sub-skills (collector, per-paper processor, batch reporter). It requests no env vars, binaries, or installs, which is proportionate for an instruction-only orchestrator. The dependency on the three named sub-skills is expected and coherent.
Instruction Scope
ok
SKILL.md stays within the orchestration scope: it describes how to run scripts in the sub-skills, when to skip papers, how to batch/parallelize, and how to assemble reports. The only runtime reading it asks for is project/run-directory files (per-paper metadata, downloaded source/pdf, summary.md, and runtime throttle/state in the run directory). It does not instruct the agent to read system-wide config, secrets, or unrelated files, nor to post data to unexpected external endpoints.
Install Mechanism
ok
No install spec or code is included (instruction-only), so nothing is written to disk or fetched by this skill itself. That is the lowest-risk install model and is appropriate for an orchestrator.
Credentials
ok
The skill declares no environment variables, credentials, or config paths. This is proportionate. One caveat: the orchestration assumes the three sub-skills exist and those sub-skills (not this orchestrator) may require network access or API keys; those should be inspected separately.
Persistence & Privilege
ok
always is false and the skill does not request persistent presence or elevated platform privileges. It does not modify other skills' configs. Autonomous invocation remains enabled (platform default) but that is expected for skills and is not combined here with other red flags.