Pubmed Edirect

Review

Audited by ClawScan on May 1, 2026.

Overview

This is a transparent PubMed/NCBI command-line helper, but it requires careful manual installation, shell-command use, and optional NCBI credential handling.

Install this only if you are comfortable reviewing and running command-line tools. Verify the NCBI installer, avoid running as root, protect any NCBI API key or email you configure, and review commands or scripts before executing them.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the external installer source or downloaded script were compromised, running it could affect the local system.

Why it was flagged

The skill depends on an external installer script from NCBI. The docs instruct the user to download, review, and then execute it, making this purpose-aligned but still a supply-chain step users should verify.

Skill content

wget -q https://ftp.ncbi.nlm.nih.gov/entrez/entrezdirect/install-edirect.sh ... less install-edirect.sh ... ./install-edirect.sh

Recommendation

Download only from the official NCBI domain, review the installer before running it, avoid piping remote scripts directly to a shell, and install as a non-root user when possible.

What this means

The skill can run local command-line workflows that write files, access the network, and invoke installed binaries.

Why it was flagged

The skill intentionally uses local shell execution for EDirect commands. This is central to the skill’s purpose and disclosed, but users should review commands before running them.

Skill content

Use OpenClaw's `exec` tool to run EDirect commands: exec -c 'esearch -db pubmed -query "CRISPR [TIAB]" | efetch -format abstract | head -200'

Recommendation

Run only commands you understand, keep queries and filenames quoted, review included scripts before use, and avoid granting unnecessary shell privileges.

What this means

An NCBI API key or email stored in shell configuration may be visible to local processes or exposed if configuration files are shared.

Why it was flagged

The skill documents optional NCBI API key configuration for higher rate limits, including persistent shell configuration. This credential use is expected for NCBI access but should be handled carefully.

Skill content

export NCBI_API_KEY=your_api_key_here ... echo 'export NCBI_API_KEY="your_api_key_here"' >> ~/.bashrc

Recommendation

Use the API key only when needed, avoid committing shell configuration files, prefer session-only exports on shared systems, and rotate the key if it is exposed.

What this means

A scheduled literature-monitoring job could continue running and making network requests until removed.

Why it was flagged

The documentation includes a user-directed scheduled monitoring workflow. It is purpose-aligned, but scheduled execution should be explicitly configured and monitored by the user.

Skill content

Create a cron job in OpenClaw to check for new publications

Recommendation

Use scheduled monitoring only when needed, set clear frequency and output limits, log activity, and remove the job when it is no longer useful.