OpenPaperGraph
v1.0.0Academic literature discovery and citation network analysis. Multi-source search across arXiv, DBLP, Semantic Scholar, and Google Scholar. Build citation net...
⭐ 0· 58·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (search, PDF parsing, citation graphs, LLM summaries) match the provided CLI and service modules (arXiv, DBLP, Semantic Scholar, Google Scholar access via scholarly, PDF parsing, graph building, Zotero import). Optional env vars documented in SKILL.md (S2_API_KEY, various LLM keys) correspond to documented features and are optional.
Instruction Scope
SKILL.md instructs the agent to run the included CLI from SKILL_DIR, install a small set of Python packages, and read/write graph JSON and uploaded PDFs. The instructions do not ask the agent to read arbitrary system files or exfiltrate secrets; parsing PDFs, writing JSON, and starting a local server are within the stated scope.
Install Mechanism
There is no platform-level install spec, but an install.sh (one-line installer) is included. install.sh symlinks SKILL.md into ~/.claude (global) or project .claude folder and runs pip install httpx pymupdf scholarly. This is coherent with enabling the skill but will modify the user's Python environment (global pip) and create symlinks in the home directory—recommend running in a virtualenv or inspecting the script first.
Credentials
Registry metadata lists no required env vars; SKILL.md documents optional env vars (S2_API_KEY and many LLM keys) that are reasonable for optional features (avoid rate limits, enable LLM summaries). The code and installer check these variables but do not require them. No unrelated credentials are requested.
Persistence & Privilege
The skill writes and updates graph JSON files and the serve mode persists edits to disk. The installer creates symlinks under ~/.claude when installing globally. always:false and normal autonomous invocation are used. These behaviors are expected for a CLI/skill but involve persistent local storage and minor changes to the user's Claude/OpenClaw configuration.
Assessment
OpenPaperGraph appears internally consistent with its stated purpose, but before installing:
- Inspect install.sh and prefer running dependency installation inside a virtualenv (pip install into a venv) to avoid changing system Python packages.
- The installer may create a symlink under ~/.claude/commands/opg/SKILL.md for global availability; if you don't want global changes, use the project install mode or skip the installer and call the CLI directly.
- Optional API keys (S2_API_KEY, OPENAI_API_KEY, etc.) are documented and not required; only provide keys you trust and understand their scope.
- Expect network activity (queries to arXiv, Semantic Scholar, Google Scholar via scholarly, Unpaywall, CrossRef, OpenAlex) and local file writes (graph JSON, exported HTML/BibTeX). Don't feed private PDFs or secrets you don't want stored in graph JSON files.
- The project uses the scholarly package to access Google Scholar (scraping-like access) which can be rate-limited or fragile; monitor usage accordingly.
If you want greater assurance, run the installer in --check mode, review the CLI source (openpapergraph_cli.py) and services/*.py modules, and run the CLI locally in a controlled environment before enabling global skill registration.Like a lobster shell, security has layers — review code before you run it.
latestvk97cy7wj7tdhfav8zfkg398ba983kpez
License
MIT-0
Free to use, modify, and redistribute. No attribution required.