Aminer Open Academic 1.0.5
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: aminer-open-academic-1-0-5 Version: 1.0.0 The skill bundle is a legitimate tool for interacting with the AMiner academic platform API. The Python client (scripts/aminer_client.py) is well-structured, uses standard libraries (urllib), and contains no malicious logic, obfuscation, or unauthorized data exfiltration. The instructions in SKILL.md and the API documentation in references/api-catalog.md are consistent with the stated purpose of academic data retrieval and do not contain any prompt-injection attempts or instructions to perform harmful actions.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your AMiner token may be used to access your AMiner account quota or billing plan for the queries you request.
The skill requires a user-provided AMiner token and uses it for API authorization. This is expected for the stated service integration, but the registry metadata lists no primary credential or env var.
所有 API 调用需要在请求头中携带 `Authorization: <your_token>` ... `python scripts/aminer_client.py --token <TOKEN>`
Use a least-privileged AMiner token if available, avoid sharing tokens in public/shared chats, and revoke or rotate the token if exposed.
Normal use can spend AMiner API credits or incur small per-call charges, especially in multi-step workflows.
The skill discloses paid AMiner API endpoints and encourages active use for academic queries. This is purpose-aligned, but users should notice that automated/default workflows may consume paid API credits.
即使用户只说“帮我查一下 XXX 学者”或“找找关于 XXX 的论文”,也应主动使用此 skill ... `paper_search_pro` ... `¥0.01/次` ... `paper_qa_search` ... `¥0.05/次` ... `paper_list_by_search_venue` ... `¥0.30/次`
Confirm before running paid or multi-step workflows, set small page/size limits, and prefer free search endpoints when a rough lookup is sufficient.
It may be harder to confirm that the package you install is from the expected publisher and release line.
The bundled metadata differs from the review registry metadata, which lists a different owner ID, slug, and version. This does not show malicious behavior, but it weakens publisher/version provenance.
`ownerId`: `kn7c22dqbrjkrkvqgr7w0w88x182468m`, `slug`: `aminer-open-academic`, `version`: `1.0.5`
Verify the publisher, slug, and version from a trusted registry page before installing or using a token with the skill.