Academic Paper Search Assistant

Pass. Audited by VirusTotal on May 9, 2026.

Overview

Type: OpenClaw Skill
Name: songge-academic-search
Version: 1.0.2

The skill bundle is a legitimate academic research tool that integrates multiple scholarly data sources including OpenAlex, Semantic Scholar, Crossref, arXiv, and PubMed. The Python script `scripts/research.py` uses standard libraries to perform API queries and format bibliographic data (BibTeX, RIS, etc.), with no evidence of data exfiltration, unauthorized file access, or malicious command execution. The documentation in `SKILL.md` and `references/readme.md` provides clear instructions for the AI agent and users, including transparent handling of optional API keys and a user-triggered PDF download feature.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used carelessly, the API key could be exposed through shell history, process listings, or shared terminal configuration.

Why it was flagged

The skill may use an optional Semantic Scholar API key. That is purpose-aligned, but users should notice that a credential may be passed on the command line or stored in a shell profile.

Skill content

When in use, pass it via a CLI parameter: `--semantic-api-key 'your-key'` ... the `S2_API_KEY` environment variable is configured by the user in `~/.bashrc`

Recommendation

Use the key only when needed, avoid pasting it into shared transcripts, and store it using your normal secret-management practices.

What this means

A later dependency version from PyPI could introduce bugs or security issues even if the current skill code is benign.

Why it was flagged

The dependency list uses lower-bound version ranges rather than pinned versions. Installing these packages is expected for the skill, but future package changes could affect behavior.

Skill content

requests>=2.31.0 ... semanticscholar>=0.8.0 ... arxiv>=2.0.0 ... biopython>=1.81

Recommendation

Install in a virtual environment and consider pinning exact versions if you need reproducible or higher-assurance use.

What this means

The skill may create files in the selected output directory when asked to export references or download PDFs.

Why it was flagged

The skill can write citation exports and downloaded PDFs to user-specified paths. This is disclosed and purpose-aligned, but it is still local file mutation.

Skill content

`--download` | Download arXiv PDF ... `--output-dir` | PDF download directory ... `-o, --output` | Save to file

Recommendation

Choose a dedicated output folder and review generated files before importing or sharing them.

What this means

Research topics, keywords, dates, authors, or DOI lists may be visible to the external API providers used for search.

Why it was flagged

The script sends search parameters and DOI metadata requests to external scholarly APIs. This is central to the skill, but users should understand that their queries leave the local machine.

Skill content

OPENALEX_BASE = "https://api.openalex.org" ... CROSSREF_BASE = "https://api.crossref.org" ... resp = SESSION.get(..., params=p, timeout=30)

Recommendation

Avoid using sensitive or confidential research queries unless you are comfortable sending them to those providers.