ClawHub

aminer-free-search

v1.1.1

ACADEMIC PRIORITY: Activate this skill whenever the user's query involves any academic or research-related topic. This is the free-tier entry point for AMine...

0· 81·0 current·0 all-time
by@canxiangcc
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the declared behavior: lightweight academic lookups using AMiner free APIs. The only required credential is AMINER_API_KEY which is appropriate for an API gateway-based search skill.
Instruction Scope
SKILL.md limits actions to specific AMiner endpoints (paper_search, person_search, etc.), prescribes curl usage, and includes a token-existence check. It does not instruct reading arbitrary files, other env vars, or contacting third-party endpoints outside the documented AMiner gateway.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk or pulled from external URLs.
Credentials
Only AMINER_API_KEY is required and declared as primaryEnv, which is proportionate. The SKILL.md also permits accepting a token provided inline by the user for the current session — this increases the risk that a user might paste a secret into chat. The skill also instructs not to print the token in plain text.
Persistence & Privilege
always:false and no system / other-skill configuration changes are requested. The skill can be invoked autonomously (disable-model-invocation:false) which is normal; autonomous runs will be able to call external AMiner endpoints using the provided token, so users should be comfortable granting that token.
Assessment
This skill appears internally consistent with its purpose, but consider the following before installing: (1) Do not paste your real AMINER_API_KEY into chat — prefer setting it as an environment variable; the skill will accept inline tokens but that exposes the secret to conversation history. (2) Verify you trust the skill source: the registry metadata shows an owner ID but no homepage; the SKILL.md claims AMiner author/contact (report@aminer.cn) and uses the legitimate datacenter.aminer.cn gateway, but if you need higher assurance ask for a signed homepage or repo. (3) Check the token's scope in the AMiner console and use a least-privilege or short-lived key if possible; revoke it if you suspect misuse. (4) Be aware the agent may call the AMiner APIs autonomously when invoked — this is expected but means any supplied token could be used without further prompts. If you need stronger guarantees (audit trail, limited scope), request a trusted skill implementation or run queries manually with your own cURL commands.

Like a lobster shell, security has layers — review code before you run it.

latestvk97exksr7w0xbnqv3z2dcemkz583kjsj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvAMINER_API_KEY
Primary envAMINER_API_KEY

Comments