ClawHub

PMC Harvest

v1.0.0

Fetch and retrieve full-text or abstracts of open-access articles from PubMed Central by journal, year, or PMCID using NCBI's public APIs without an API key.

2· 743·3 current·3 all-time
by@angusthefuzz
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (PMC harvesting) matches the code and SKILL.md: the package only requires node, uses NCBI E-utilities and OAI-PMH endpoints, implements search, summaries, and full-text retrieval. No unrelated services, credentials, or binaries are requested.
Instruction Scope
SKILL.md and the CLI instruct only running the included Node scripts and using NCBI endpoints. The runtime instructions do not ask the agent to read unrelated files, environment variables, or post data to third-party endpoints. All network calls in the code go to ncbi.nlm.nih.gov / pmc.ncbi.nlm.nih.gov.
Install Mechanism
There is no install spec (instruction-only), and the included code is plain Node.js source that uses only built-in https/zlib modules. No external downloads or archives, package registry installs, or untrusted URLs are present.
Credentials
The skill requires only the 'node' binary and requests no environment variables, keys, or config paths. This is proportionate for a Node CLI that calls public HTTP APIs.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide settings, and contains no code that persistently installs components or stores credentials. It performs transient network requests only when invoked.
Assessment
This skill appears to do exactly what it claims: search PMC and fetch open-access full-text via NCBI's public APIs. Before installing, ensure you have Node available and that your environment allows outbound HTTPS to ncbi.nlm.nih.gov. If you plan large-scale harvesting, respect NCBI rate limits and usage policies (the code implements a 3 req/sec delay but large batches should be staggered and run off-peak). In an enterprise environment, verify network egress policies because the scripts will make direct HTTP(S) requests to NCBI. If you need stronger guarantees, review the included source files yourself — they are small, readable, and contain no obfuscated or third-party endpoints.

Like a lobster shell, security has layers — review code before you run it.

latestvk9782hcq0spc9mnczrhcnzsj95815ftk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📚 Clawdis
Binsnode

Comments