ClawHub

PubMed Search Specialist

v1.0.0

Build complex Boolean query strings for precise PubMed/MEDLINE literature retrieval. Trigger when user needs MeSH term mapping, Boolean query construction, a...

0· 46·0 current·0 all-time
byAIpoch@aipoch-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, SKILL.md, reference docs, and scripts/main.py all focus on building MeSH-based PubMed Boolean queries. The included Python script and reference files are coherent with the stated purpose; nothing in the manifest requests unrelated access (no env vars, no binaries).
Instruction Scope
SKILL.md instructs the agent to validate inputs and run the packaged script (python scripts/main.py). Instructions do not direct the agent to read unrelated system files, exfiltrate data, or contact external endpoints. It asks the user to supply input/output paths (expected for a CLI tool).
Install Mechanism
No install spec is provided (instruction-only skill with a packaged script). This is low-risk; nothing is downloaded from external URLs or written to system locations by an installer.
Credentials
The skill declares no required environment variables or credentials. requirements.txt lists 'dataclasses' and 'requests', which is slightly unnecessary for Python 3.10+ (dataclasses is builtin) and requests is not visibly used in the provided code — a small mismatch but not a security concern.
Persistence & Privilege
always is false and the skill does not request persistent system privileges or to modify other skills. Autonomous invocation is allowed by default, which is normal; nothing else elevates its privilege footprint.
Assessment
This package appears to do what it says: build PubMed Boolean queries. Before running it, inspect scripts/main.py (you can read it or run `python -m py_compile scripts/main.py` as the SKILL.md suggests). Run the script in a Python virtualenv or isolated environment (it targets Python 3.10+). Be aware the tool will read any input file paths you give it — only supply files you trust. The requirements file includes 'requests' and 'dataclasses' even though 'dataclasses' is builtin for 3.10 and 'requests' is not obviously used; that is a minor mismatch but not malicious. If you need stronger assurance, run the script with harmless test inputs and/or in a sandboxed environment and search the code for any network calls or subprocess invocations before providing sensitive data or credentials (none are required by this skill).

Like a lobster shell, security has layers — review code before you run it.

latestvk97becb3gb6fn71977ep92554d83z6ev

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments