Aminer Open Academic 1.0.5
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a legitimate AMiner academic-search client, but it uses a user-provided AMiner token and can make paid API calls, so users should control token use and costs.
Install only if you are comfortable giving the skill an AMiner API token and making external AMiner API calls. Check the AMiner pricing for the workflows you use, keep result sizes small, and verify the package publisher/version because the registry and bundled metadata do not fully match.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your AMiner token may be used to access your AMiner account quota or billing plan for the queries you request.
The skill requires a user-provided AMiner token and uses it for API authorization. This is expected for the stated service integration, but the registry metadata lists no primary credential or env var.
所有 API 调用需要在请求头中携带 `Authorization: <your_token>` ... `python scripts/aminer_client.py --token <TOKEN>`
Use a least-privileged AMiner token if available, avoid sharing tokens in public/shared chats, and revoke or rotate the token if exposed.
Normal use can spend AMiner API credits or incur small per-call charges, especially in multi-step workflows.
The skill discloses paid AMiner API endpoints and encourages active use for academic queries. This is purpose-aligned, but users should notice that automated/default workflows may consume paid API credits.
即使用户只说“帮我查一下 XXX 学者”或“找找关于 XXX 的论文”,也应主动使用此 skill ... `paper_search_pro` ... `¥0.01/次` ... `paper_qa_search` ... `¥0.05/次` ... `paper_list_by_search_venue` ... `¥0.30/次`
Confirm before running paid or multi-step workflows, set small page/size limits, and prefer free search endpoints when a rough lookup is sufficient.
It may be harder to confirm that the package you install is from the expected publisher and release line.
The bundled metadata differs from the review registry metadata, which lists a different owner ID, slug, and version. This does not show malicious behavior, but it weakens publisher/version provenance.
`ownerId`: `kn7c22dqbrjkrkvqgr7w0w88x182468m`, `slug`: `aminer-open-academic`, `version`: `1.0.5`
Verify the publisher, slug, and version from a trusted registry page before installing or using a token with the skill.