Orchestrates the continuous learning of new skills from arXiv papers. Use this to trigger a learning cycle, which fetches papers, extracts code/skills, and s...
Security Analysis
medium confidenceThe skill mostly implements an arXiv-to-skill orchestration but contains gaps between its documentation and code and executes arbitrary test commands from an external extractor in the agent workspace — this is coherent with its purpose but presents notable risk and some mismatches that should be resolved before use.
The name/description align with the code: it finds papers, calls a paper_client and an extractor, runs a smoke test, and records learned papers. However, SKILL.md claims a 'Solidify: Commits the new skill to the workspace' step and an hourly schedule; the index.js implementation does not perform any commit, publishing, or scheduling. That is a clear mismatch between documentation and implementation.
index.js requires local modules (paper_client and arxiv-skill-extractor) and will execute a smokeTestCommand returned by the extractor using child_process.exec with cwd set to the workspace root. Running extractor-provided shell commands in the agent's workspace is high-risk if extractor or its outputs are untrusted. The code also writes a learned_papers.json into the workspace memory path — reading/writing workspace state is expected for an orchestrator but combined with arbitrary command execution increases blast radius.
There is no install spec (instruction-only plus a local index.js). Nothing is downloaded from the network by the skill itself. That lowers supply-chain risk, but the code does spawn shell commands, which is an execution-time risk rather than an install-time risk.
The skill requests no environment variables or external credentials — that is proportional and good. However, it executes commands inside WORKSPACE_ROOT and reads/writes memory/evolution/learned_papers.json. Because smokeTestCommand originates from the extractor, lack of credential demands doesn't eliminate the potential for the extractor to run arbitrary actions with the agent's filesystem privileges.
always:false (no forced always-on). The skill persists learned paper metadata to the workspace (memory/evolution/learned_papers.json) which is within expected scope. Autonomous invocation is allowed (platform default); combined with the ability to run extractor-supplied commands this raises the importance of trusting the extractor and paper_client modules.
Guidance
This skill's stated purpose matches what the code mostly does, but there are two issues to consider before installing: (1) SKILL.md promises a 'commit'/'solidify' step and scheduled runs that the code does not implement — expect the skill to only extract, smoke-test, and record metadata unless additional code exists elsewhere. (2) The extractor supplies a smokeTestCommand which this skill executes via child_process.exec in the workspace root. If the extractor or paper_client modules (required from relative paths) are untrusted or can be influenced by external inputs, that command execution could run arbitrary shell commands with the agent's workspace permissions. Recommendations: only install if you audit or control the local modules ../arxiv-paper-reviews/paper_client and ../arxiv-skill-extractor; run the skill in an isolated sandbox or CI runner with limited filesystem/network permissions; add validation/whitelisting of smokeTestCommand (or run tests in a container); and reconcile the SKILL.md vs actual behavior (committing and scheduling) so you understand what will happen. If you cannot verify the extractor and paper_client code, treat this skill as risky and avoid granting it access to sensitive workspaces.
Latest Release
v1.0.0
Initial release of arxiv-skill-learning: - Automates continuous learning of new skills from arXiv papers. - Fetches new papers in categories cs.AI, cs.CL, cs.LG, cs.SE. - Extracts implementable code/skills using arxiv-skill-extractor. - Runs tests and commits validated skills automatically. - Designed for hourly operation.
Popular Skills
Published by @wanng-ide on ClawHub
