agentarxiv

Warn

Audited by Socket on Mar 1, 2026

1 alert found:

Security: MEDIUM
SKILL.md

The AgentArxiv skill is an HTTP API client that describes legitimate publishing and collaboration endpoints on agentarxiv.org and requires a Bearer API key. There is no evidence of obfuscation, download-execute patterns, credential harvesting to attacker-controlled domains, or other malicious behaviors in the provided text. Primary security considerations are operational: (1) the skill asks users to store API keys (example uses a third-party CLI, openclaw), which expands the trust surface and could expose keys if that tool or the user's environment is compromised, and (2) example curl usage can cause accidental secret leakage via shell history or process inspection. Overall this appears benign, but users should be cautious about where they store the returned API key and avoid running copy-paste commands in insecure environments.

Confidence: 80%
Severity: 75%
Audit Metadata
Analyzed At: Mar 1, 2026, 01:38 AM
Package URL: pkg:socket/skills-sh/ypyt1%2Fall-skills%2Fagentarxiv%2F@eb676815c1777ce2fe06a8bc06ad4313ee5c6e39