ClawHub

Academic Paper Finder

v1.0.0

Search biomedical literature, get citation counts, and import to Zotero/EndNote. Use when: (1) User asks to search for papers/literature by DOI, title, autho...

0· 166·0 current·0 all-time
by@merdeng
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included scripts: pubmed_search.py (search + citations via OpenAlex), zotero_add.py and batch_import.py (Zotero interactions), and generate_ris.py (RIS output). The only required secrets (ZOTERO_API_KEY and ZOTERO_USER_ID) are appropriate for Zotero writes.
Instruction Scope
SKILL.md tells the agent to run the included scripts and to set Zotero env vars. The scripts only access PubMed (NCBI eutils), OpenAlex, and Zotero APIs, and write local RIS files; they do not reference unrelated system files, other credentials, or unknown remote endpoints.
Install Mechanism
No install spec is present (instruction-only with bundled scripts). No download-from-URL or package installs are used, so nothing is pulled from external arbitrary URLs at install time.
Credentials
Only ZOTERO_API_KEY and ZOTERO_USER_ID are required for Zotero interactions, which is proportional to the stated functionality. No unrelated secrets or config paths are requested.
Persistence & Privilege
The skill does not request always:true and does not attempt to modify other skills or system-wide config. It performs normal network requests and local file writing (RIS exports) within scope.
Assessment
This skill is coherent with its stated purpose, but review these practical points before installing or running it: (1) You must supply a Zotero API key — only provide a key with the minimum scopes needed (preferably a personal key limited to your library). (2) The scripts call NCBI eutils and OpenAlex APIs; be mindful of rate limits and avoid bulk runs without delays. (3) The code parses PubMed XML with regex (fragile but not malicious) — occasionally some records may not parse correctly. (4) Because the scripts perform network requests and write files, run them in an environment you trust; do not expose your Zotero API key to shared or untrusted machines. (5) If you want extra assurance, inspect the included scripts locally or run them with test PMIDs and a throwaway Zotero account before granting access to your primary library.

Like a lobster shell, security has layers — review code before you run it.

latestvk970jwp8sqqcnpyaak7312pnax82zq2k

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments