crayfish-ai

PubMed Review

by crayfish-ai · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
Downloads 97
Stars 0
Active Installs 0
Versions 2
Install in OpenClaw
/install pubmed-review
Description
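A PubMed literature search and AI review generation system triggered by natural language in Feishu. Supports professional search-query expansion, qualifier filtering, AI structured reviews (brief + full), Feishu notifications, and follow-up question answering.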
Usage Guidance
This skill appears to implement the advertised PubMed search + AI summarization pipeline, but please check these before installing:
  1. Metadata mismatch: the registry header claims no required env vars, but SKILL.md and skill.json require MINIMAX_API_KEY (sensitive). Confirm which is authoritative before supplying secrets.
  2. Secrets handling: the code automatically loads a .env.minimax file into environment variables. Ensure that file only contains the MiniMax API key (and nothing else you don't want imported or uploaded) and that its filesystem permissions are restricted.
  3. Data exfiltration / privacy: article abstracts and user queries are sent to api.minimax.chat for LLM summarization. If abstracts include any sensitive or patient-identifiable information, do NOT send them to an external LLM without approval.
  4. Notify script trust: the skill invokes an external notify binary/script (NOTIFY_PATH). Verify that notify is a trusted program (path is not user-controlled by untrusted actors) because the skill will call it with generated content.
  5. Automation risk: scheduled usage (cron) and the task_dispatcher will automatically run the scripts and call external services. If you plan to deploy, run it in an isolated environment and test with non-sensitive data first.
  6. Confirm provenance: the top-of-package source/homepage entries are inconsistent (some places say unknown, skill.json references a GitHub repo). If provenance matters, validate the upstream repository and author before trusting the code.
If you proceed, review .env.minimax contents, validate the notify executable, and run the package in a controlled environment. If you want, I can point to specific lines that load the env file, call the LLM, and invoke notify so you can audit them more closely.
Capability Analysis
Type: OpenClaw Skill
Name: pubmed-review
Version: 1.0.1

The pubmed-review skill bundle is a legitimate tool designed for medical literature retrieval and AI-driven summarization. It interacts with the official PubMed E-utilities API and the MiniMax LLM API to process user requests and send notifications via Feishu. The code follows safe practices, such as using subprocess.run with shell=False in pubmed_intent_handler.py and pubmed_followup_handler.py to mitigate command injection risks. No evidence of data exfiltration, unauthorized credential access, or malicious prompt injection was found; all functionalities, including local file storage and network calls, are consistent with the stated purpose.
Capability Assessment
Purpose & Capability
The skill's code and scripts implement PubMed E-utilities search, abstract parsing, LLM-based summarization, task queuing, and Feishu notification — which matches the name/description. However, registry metadata at the top of the package listing claims "Required env vars: none" while SKILL.md and skill.json require MINIMAX_API_KEY (sensitive). There are also small metadata mismatches (published/version strings/homepage vs 'source: unknown'). These inconsistencies should be clarified.
Instruction Scope
Runtime instructions and scripts operate on local task/result files, read a local .env.minimax by default, call the MiniMax LLM API with article abstracts, and invoke an external notify script to push messages. All of that is within the declared purpose, but two scope items deserve attention: (1) the code automatically loads an env file into process environment (potentially setting unrelated secrets), and (2) article abstracts (medical content) and user queries are transmitted to a third-party LLM (api.minimax.chat) — confirm that is acceptable for your data/privacy requirements.
Install Mechanism
No install spec is provided; the skill is instruction/code-only and does not download arbitrary archives or run a remote installer. This is lower risk than skills that fetch remote binaries. The package contains only Python and shell scripts that will be run locally.
Credentials
The only sensitive credential required is MINIMAX_API_KEY (used to call the MiniMax LLM) and that is proportional to the LLM summarization functionality. Other configurable items (MINIMAX_API_URL, MINIMAX_MODEL, NOTIFY_PATH, MINIMAX_ENV_FILE) are reasonable. However, the package will (by default) load and export all variables from a .env.minimax file into os.environ — this can unintentionally expose or override unrelated environment variables and may cause unintentional leakage if that file contains other secrets. Also the registry-level metadata incorrectly reported no required env vars, which is misleading.
Persistence & Privilege
The skill does not request 'always: true', does not require root, and confines writes to its own task/result directories. It creates/modifies local files (tasks queue, results, followup state) which is expected for a queue/processor. It does open a lock file for dispatching; nothing indicates system-wide persistence or modification beyond the skill directory.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install pubmed-review
  3. After installation, invoke the skill by name or use /pubmed-review
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- Added bug fixes and minor improvements to the core scripts.
- Updated internal logic in pubmed_followup_handler.py and pubmed_intent_handler.py.
- Improved task handling in task_dispatcher.py.
- No changes to user-facing features or workflow.
v1.0.0
- Initial release of the pubmed-review skill for Feishu.
- Supports natural language PubMed literature searches and AI-generated structured reviews (brief + full).
- Features intention recognition, query standardization and expansion, document filtering, and professional level summary outputs.
- Includes Feishu notification, local Markdown summary storage, and contextual Q&A based on PMID.
- Robust error handling for API failures, PubMed issues, and LLM parsing errors.
- Flexible environment variable setup and command-line invocation supported.
Metadata
Slug pubmed-review
Version 1.0.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is PubMed Review?

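A PubMed literature search and AI review generation system triggered by natural language in Feishu. Supports professional search-query expansion, qualifier filtering, AI structured reviews (brief + full), Feishu notifications, and follow-up question answering. It is an AI Agent Skill for Claude Code / OpenClaw, with 97 downloads so far.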

How do I install PubMed Review?

Run "/install pubmed-review" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is PubMed Review free?

Yes, PubMed Review is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does PubMed Review support?

PubMed Review is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created PubMed Review?

It is built and maintained by crayfish-ai (@crayfish-ai); the current version is v1.0.1.
