ClawHub

Literature Review

v1.2.0

Assistance with writing literature reviews by searching for academic sources via Semantic Scholar, OpenAlex, Crossref and PubMed APIs. Use when the user needs to find papers on a topic, get details for specific DOIs, or draft sections of a literature review with proper citations.

19· 7.4k·71 current·77 all-time
by@weird-aftertaste
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the code and instructions: the script queries Semantic Scholar, OpenAlex, Crossref, and PubMed and normalizes results (DOI extraction, deduplication, abstracts). The required network access is appropriate for the stated purpose.
Instruction Scope
SKILL.md instructs the agent to run scripts that call the four APIs and to use environment variables for polite access and optional API keys. The instructions focus on the task and do not request unrelated system files or other credentials. Note: the SKILL.md and script access USER_EMAIL/CLAWDBOT_EMAIL and optional API keys for S2/OA.
Install Mechanism
There is no install spec (instruction-only with an included script). That limits what is written/executed on disk to the single script provided — lower risk than arbitrary downloads. The script uses the requests and xml libraries (standard Python usage).
!
Credentials
Registry metadata lists no required env vars, but SKILL.md and the script use USER_EMAIL/CLAWDBOT_EMAIL and optional SEMANTIC_SCHOLAR_API_KEY and OPENALEX_API_KEY. This mismatch should be resolved. The keys are optional and reasonable for API rate limits, but the skill will read the USER_EMAIL env var (used in User-Agent) — ensure you are comfortable exposing that value. No unrelated secrets are requested.
Persistence & Privilege
always is false and the skill does not request persistent or system-wide privileges. It does not attempt to modify other skills or system configuration.
Assessment
This skill is generally coherent for literature searching, but take these precautions before installing or running it: (1) Review the full scripts locally — the included Python file shows a visible bug (a truncated line using last.tex instead of last.text and the file output was truncated in the manifest) — fix or inspect the code before running. (2) The SKILL.md mentions environment variables (USER_EMAIL, CLAWDBOT_EMAIL, SEMANTIC_SCHOLAR_API_KEY, OPENALEX_API_KEY) but the registry metadata lists none — confirm which env vars you must provide and never supply unrelated secrets. (3) The script makes outbound HTTP requests to public APIs (Semantic Scholar, OpenAlex, Crossref, PubMed); run it in an isolated environment if you have concerns about network access. (4) If you supply API keys, use keys with limited scope and revoke them if you stop using the skill. (5) If you want higher confidence, ask the publisher for the full source (untruncated) and a corrected script before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk970gwsy24aahev1syxsrh7jh17zveqb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments