botlearn-academic-search
v1.0.0Conducts systematic academic searches across arXiv, Google Scholar, and Semantic Scholar to deliver verified top 5 relevant peer-reviewed papers with summari...
⭐ 0· 505·5 current·5 all-time
by邢怀康@calvinxhk
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (academic search across arXiv, Google Scholar, Semantic Scholar) matches the SKILL.md: the instructions describe building database-specific queries, screening abstracts, deduplicating, and producing Top 5 results. The manifest/package.json dependency on @botlearn/google-search aligns with the documented use of Google Scholar operator syntax. There are no unrelated required binaries, env vars, or config paths declared.
Instruction Scope
SKILL.md instructs the agent to run parallel network queries against arXiv, Semantic Scholar, and Google Scholar, to perform abstract screening and citation-graph analysis, and to check open-access status. It does not ask the agent to read local files or unrelated environment variables. Note: the instructions rely on Google Scholar access via a google-search skill (effectively scraping/automated queries) and Semantic Scholar API calls — this implicates network access, rate limits, and potential TOS considerations. Also, query text (user prompts) will be sent to external services, which may have privacy implications.
Install Mechanism
This is an instruction-only skill with no install spec or code to be written to disk. package.json and manifest exist but there is no installer or remote archive referenced. Risk from on-disk install is minimal; the main runtime surface is outgoing network calls.
Credentials
The skill declares no required environment variables or primary credential, which is consistent for simple use (Semantic Scholar allows unauthenticated calls with lower rate). One caveat: for higher-rate Semantic Scholar usage an API key may be desirable, but none is required by the skill as published. The google-search dependency may have its own credential/behavioral requirements — the skill does not declare or require any unrelated secrets, which is proportionate.
Persistence & Privilege
The skill does not request permanent presence (always: false) and is user-invocable. It does not claim to modify other skills or system-wide settings. Autonomous invocation is allowed by platform default but this skill's privileges are not elevated beyond normal.
Scan Findings in Context
[no_regex_findings] expected: The static regex scanner found no suspicious code because this is an instruction-only skill (no code files to analyze); this is expected. The real security surface is runtime network calls described in SKILL.md.
Assessment
This skill appears coherent and does what its description promises: it will construct queries and call arXiv, Semantic Scholar, and Google Scholar (via the google-search capability) to assemble Top-5 literature summaries. Before installing, consider the following: (1) network & privacy: the agent will send user queries to external services — avoid including sensitive or confidential text in queries; (2) Google Scholar access: the skill relies on google-search (scraping-like queries). Automated queries to Google Scholar can hit rate limits or violate TOS and may be blocked; review the google-search skill's behavior/requirements; (3) Semantic Scholar API: unauthenticated access is possible but rate-limited; for high-volume use you may need to supply an API key via whatever upstream google-search/semantic-scholar integration expects (the skill does not declare an env var for this); (4) dependency trust: package.json lists @botlearn/google-search — verify that dependency is from a trusted publisher before installing; (5) monitoring: because this skill performs outbound network requests, monitor for unexpected endpoints or unusual traffic patterns after enabling it. If you need maximum privacy or higher API quotas, obtain API keys for Semantic Scholar (and review the google-search skill) and confirm how those keys are provided and stored.Like a lobster shell, security has layers — review code before you run it.
latestvk97fgmt57125mn6w993jd01ehs823rpq
License
MIT-0
Free to use, modify, and redistribute. No attribution required.