Academic Literature Search
v0.1.3提供多权威数据库的学术文献检索,支持自然语言、多字段搜索、高级过滤、去重排序及多格式结果输出。
⭐ 1· 740·6 current·6 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description claim integration with Semantic Scholar, Crossref, PubMed, arXiv; the code (agent.py), SKILL.md, README, and skill.json implement HTTP clients, caching, output formatting, and configuration. Required network and file-write permissions match the stated purpose. Optional API keys are appropriate for the listed providers.
Instruction Scope
SKILL.md instructs the agent to send search queries to the documented third-party APIs, use a config file and cache directory, and optionally set API keys. It does not instruct reading unrelated system files, harvesting credentials, or calling hidden endpoints. It recommends reviewing network destinations and using your own API keys.
Install Mechanism
There is no explicit install spec (instruction-only), but the package includes code and a requirements.txt. That is not inherently malicious, but users must ensure dependencies (aiohttp, requests, pandas, pyyaml, aiofiles) are installed in a controlled environment (virtualenv). The lack of an install step means the runtime may fail if deps aren't present—this is an operational note rather than a security issue.
Credentials
Environment variables mentioned (SEMANTIC_SCHOLAR_API_KEY, CROSSREF_API_EMAIL, PUBMED_API_KEY) are optional and appropriate for the APIs used. No unrelated credentials or high-privilege env vars are requested. The code uses a cache directory under the user's home—expected for caching.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or global agent settings. It writes to a local cache directory and may create log files as configured—these are reasonable for the function.
Assessment
This skill appears consistent with its stated purpose. Before installing: (1) review the full agent.py (the provided snippet is long—ensure no hidden endpoints or unexpected behavior), (2) run it in a virtualenv and install dependencies from requirements.txt, (3) set your own API keys (avoid default email/credentials), (4) verify the repository/homepage and version (skill.json lists version 2.0.0 while registry metadata shows 0.1.3), and (5) be aware it will contact third-party academic APIs and store cache/log files under your home directory. If you need higher assurance, inspect the entire agent.py for any network calls beyond the documented APIs and run tests in an isolated environment.Like a lobster shell, security has layers — review code before you run it.
latestvk978hks6f1d3cbv96g9dqpa1an82j3h9
License
MIT-0
Free to use, modify, and redistribute. No attribution required.