ClawHub

Scholar Deep Research

v0.3.0

Use when the user asks for a literature review, academic deep dive, research report, state-of-the-art survey, topic scoping, comparative analysis of methods/...

0· 88·0 current·0 all-time
byAgents365.ai@agents365-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description align with included scripts and templates. The repo contains search modules for OpenAlex/arXiv/Crossref/PubMed, PDF extraction (pypdf), ranking/dedup logic, and report templates — all expected for a 'deep research' skill. Required binary = python3 is proportional.
Instruction Scope
SKILL.md instructs the agent to run the included scripts, persist state to research_state.json, extract PDFs, and call external APIs (OpenAlex/arXiv/Crossref/PubMed) — all within the declared purpose. It also mandates running scripts/check_update.py at Phase 0 which performs a git fetch and can fast-forward code (network activity/update) before continuing; this changes runtime code between invocations and is a behavioral risk to be aware of (the skill documents a SCHOLAR_SKIP_UPDATE_CHECK opt-out). The instructions may also shell out to optional local/external helper scripts (paper-fetch) if configured.
Install Mechanism
Registry has no automated install spec, but README/SKILL.md expects the host agent or user to git-clone the GitHub repo and pip install -r requirements.txt. That is standard for this type of skill, but it means arbitrary repository code will be written to disk and executed locally (pip install runs code on install). No downloads from obscure hosts or URL shorteners are used in the provided files; network activity is limited to GitHub/git fetch and calls to public scholarly APIs and Unpaywall/paper-fetch fallback as described.
Credentials
The skill declares no required environment variables or credentials. Optional parameters referenced in docs (e.g., --email for polite-pool, --api-key for NCBI, PAPER_FETCH_SCRIPT, SCHOLAR_SKIP_UPDATE_CHECK) are reasonable and explainable for higher-rate access or alternate PDF-fetching flows. There are no unrelated secret/env requests in the manifest.
!
Persistence & Privilege
The skill writes persistent state to research_state.json (expected for resumable research). However, Phase 0's automatic update check (git fetch + possible fast-forward) means the skill can change its own code at invocation time if installed from a git-backed checkout. While documented and opt-outable (SCHOLAR_SKIP_UPDATE_CHECK), auto-updating increases the attack surface (compromised upstream or supply-chain issues could alter behavior). always:false and normal autonomous invocation are appropriate; there is no evidence it modifies other skills' config.
Assessment
This skill appears coherent and implements the claimed 7‑phase literature workflow. Before installing or enabling it: (1) review the repository yourself (or inspect the code files listed) — installing runs code from GitHub and pip installs dependencies; (2) be aware Phase 0 runs a git fetch and may fast‑forward the skill on each invocation unless you set SCHOLAR_SKIP_UPDATE_CHECK or pin a commit — if you want reproducibility or to avoid unexpected code changes, pin the repo and/or set the env var; (3) run it in an isolated Python environment (virtualenv / container) and review requirements.txt before pip install; (4) if you will supply API keys (NCBI) or point PAPER_FETCH_SCRIPT at third‑party fetchers, ensure those endpoints/scripts are trusted; (5) accept that the skill will read/write research_state.json and will download paper PDFs and call public scholarly APIs — do not use it with sensitive unpublished text you don't want persisted remotely. If you want extra assurance, audit scripts/check_update.py and any code that shells out (e.g., DOI-fetch helpers) before enabling automatic update behavior.

Like a lobster shell, security has layers — review code before you run it.

academicvk9796npn0gxhvn1p2rrhnf4kxh84mgmgcitationsvk9796npn0gxhvn1p2rrhnf4kxh84mgmglatestvk97b4d5h4ttyf3jk7fvcb4b7y184q6r6literature-reviewvk9796npn0gxhvn1p2rrhnf4kxh84mgmgpapersvk9796npn0gxhvn1p2rrhnf4kxh84mgmgresearchvk9796npn0gxhvn1p2rrhnf4kxh84mgmgsurveyvk9796npn0gxhvn1p2rrhnf4kxh84mgmg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔬 Clawdis
Binspython3

Comments