← Back to Skills Marketplace
lixiang1076

Auto Research Pipeline

by lixiang1076 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
101
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install openclaw-auto-research
Description
OpenClaw 原生的自动化研究 pipeline。从一个研究 topic 出发,经过 23 个 stage 产出完整论文。 每个 Phase 由独立 sub-agent 执行(context 隔离),Phase 间通过文件系统传递产出。 触发词:Research X、跑研究、文献调研、写论文、研究 pipel...
Usage Guidance
This skill is coherent for automating a research workflow, but proceed cautiously. Key things to check before installing or running: - Notifications: SKILL.md mentions pushing Feishu (飞书) messages but provides no Feishu token/config. Decide where notifications will go and supply credentials only if you trust that endpoint. - Generated-code execution: The pipeline asks the LLM to generate experiment code and then executes it. Ensure your execution environment actually enforces the promised sandbox (no network, restricted file writes, timeouts). If the platform cannot guarantee sandboxing, do not run the experiment-execution stages. - Network access: literature_search.py performs HTTP requests (arXiv, Semantic Scholar). Confirm you are comfortable with those outbound requests (rate limits, data leaving your environment). Semantic Scholar API keys are optional in code but not declared; if you supply a key, provide it securely and only if needed. - Data residency & secrets: artifacts are stored under ~/.openclaw/workspace/auto-research/. If you have sensitive files or tokens on the same filesystem, verify file permissions and isolation. - Unspecified tools: SKILL.md expects platform tools (memory_search, web_search/web_fetch, sessions_spawn). Understand what those tools send/receive and whether they transmit your prompts or files externally. If you decide to use it: run initial tests in an isolated environment (throwaway account or VM), disable network at the runtime layer if possible, and inspect any generated experiment.py before allowing execution.
Capability Analysis
Type: OpenClaw Skill Name: openclaw-auto-research Version: 1.0.0 The skill bundle implements a complex 23-stage research pipeline that inherently possesses a high risk of Remote Code Execution (RCE) by design. Specifically, Phase D (S10) and Phase E (S12) involve generating Python code via an LLM and then executing it using shell commands (`python3 experiment.py`) in a loosely defined sandbox (`/tmp/researchclaw_sandbox`). While the instructions in SKILL.md and the prompts in references/phase-d-design.md attempt to enforce 'real' computation and self-containment, the system is highly vulnerable to prompt injection; a malicious research topic could trick the agent into generating and executing code that exfiltrates data or performs other harmful actions. Additionally, the 'Evolution Overlay' feature in SKILL.md uses memory_search to load 'lessons' from previous runs, which could allow for persistent indirect prompt injection if the agent's memory is poisoned with malicious instructions.
Capability Assessment
Purpose & Capability
Name/description align with included artifacts: prompt templates, domain definitions, and two helper scripts (literature_search.py and pipeline_state.py) are appropriate for an automated research pipeline.
Instruction Scope
Runtime instructions authorize spawning sub-agents, running the included Python scripts, performing web_search/web_fetch calls, and executing LLM-generated experiment code. These actions are consistent with the stated purpose, but the pipeline depends on external tools (memory_search, web_search, web_fetch, sessions_spawn) and on enforcing a no-network sandbox for experiment execution — the SKILL.md asserts these constraints but provides no mechanism to enforce them. It also repeatedly instructs pushing Feishu (飞书) notifications even though no Feishu config/credentials are declared.
Install Mechanism
No install spec; skill is instruction-plus-scripts only. No remote downloads or package installs are requested, which keeps disk/write footprint limited to the included files and produced artifacts under ~/.openclaw/workspace.
Credentials
The skill requests no environment variables or credentials, yet its instructions reference sending notifications to Feishu and optionally using Semantic Scholar API with an API key. Those notification and API behaviours require tokens/config which are not declared. Also the pipeline writes artifacts to the user's home (~/.openclaw), which is expected but notable. Overall, credentials and configuration needs are under-specified relative to the described runtime actions.
Persistence & Privilege
always:false (normal). The skill writes state and artifact files under ~/.openclaw/workspace/auto-research — confined to its own workspace. It spawns sub-agents (normal for this platform) but does not request system-wide modifications or other skills' credentials. The main concern is the ability to execute arbitrary LLM-generated code during experiment stages, which increases blast radius if sandboxing or network restrictions are not enforced by the runtime environment.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install openclaw-auto-research
  3. After installation, invoke the skill by name or use /openclaw-auto-research
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: 23-stage research pipeline with Phase-level sub-agent isolation, state machine (checkpoint/gate/rollback), dual-source literature search (arXiv + Semantic Scholar), domain detection, topic quality self-evaluation, and evolution overlay via OpenClaw memory.
Metadata
Slug openclaw-auto-research
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Auto Research Pipeline?

OpenClaw 原生的自动化研究 pipeline。从一个研究 topic 出发,经过 23 个 stage 产出完整论文。 每个 Phase 由独立 sub-agent 执行(context 隔离),Phase 间通过文件系统传递产出。 触发词:Research X、跑研究、文献调研、写论文、研究 pipel... It is an AI Agent Skill for Claude Code / OpenClaw, with 101 downloads so far.

How do I install Auto Research Pipeline?

Run "/install openclaw-auto-research" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Auto Research Pipeline free?

Yes, Auto Research Pipeline is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Auto Research Pipeline support?

Auto Research Pipeline is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Auto Research Pipeline?

It is built and maintained by lixiang1076 (@lixiang1076); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments