← 返回 Skills 市场

Auto Research Claw

Name: Auto Research Claw
Author: donwrightdesigns

作者 Don A Wright Jr · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

160

总下载

当前安装

版本数

在 OpenClaw 中安装

/install auto-research-claw

功能描述

Automates research by conducting literature searches, running experiments, and generating LaTeX papers from detailed research topics.

使用说明 (SKILL.md)

AutoResearchClaw

Autonomous research pipeline that turns ideas into papers via literature search, experiments, and LaTeX generation.

Usage

Start an autonomous research run: researchclaw run --topic "Your detailed research topic" --auto-approve

Installation

This skill requires Python 3.11+ and various research-specific dependencies.

cd ~/.openclaw/skills/auto-research-claw
python3 -m venv .venv
source .venv/bin/activate
pip install -e .
./researchclaw setup

Config

Default configuration is stored in config.arc.yaml. Bridge mode allows integration with OpenClaw internal tools (sessions, web_fetch, message).

安全使用建议

This package is feature-rich and appears to implement what it claims, but there are several mismatches and powerful runtime behaviors you should treat carefully: 1) Source provenance: 'Source: unknown' and no homepage — prefer software from a known repo or signed releases. 2) Secrets and keys: it expects LLM API keys and may reference many env vars (OPENAI_API_KEY, GEMINI_API_KEY, PRM_API_KEY, MINIMAX_API_KEY); do not expose more secrets than necessary and do not point it at ~/.ssh/id_rsa unless you understand the consequences. 3) Run in isolation: if you want to try it, install and run it inside a disposable VM/container with no access to your real SSH keys, sensitive files, or organization networks. 4) Inspect setup scripts: open `researchclaw setup`, `sentinel.sh`, and any install hooks before running them; they can install npm packages or Docker images. 5) Disable bridging/autoconnect features initially: set openclaw_bridge.* and metaclaw_bridge.* integrations to false and set opencode.auto=false before any autonomous runs. 6) Avoid --auto-approve until you have audited config and run a dry local test; prefer manual approval and small time/resource budgets. 7) If you need stronger assurance, ask the owner for a canonical repository link, signed release tarball, or a trimmed skill that only exposes the minimal capabilities you require. Finally, if you lack the ability to audit the code, do not run the skill with access to sensitive environments or credentials.

功能分析

Type: OpenClaw Skill Name: auto-research-claw Version: 1.0.0 The AutoResearchClaw skill bundle is a highly sophisticated autonomous research pipeline. It demonstrates strong security awareness by implementing multiple defensive layers to mitigate risks associated with executing LLM-generated code. Specifically, it includes an AST-based security validator (researchclaw/experiment/validator.py) that blocks dangerous calls like os.system and eval, and utilizes Docker-based sandboxing with strict network isolation policies (researchclaw/experiment/docker_sandbox.py and researchclaw/agents/figure_agent/renderer.py). The code is well-structured, follows its stated purpose of automating literature search, experiments, and paper generation, and lacks any indicators of malicious intent such as data exfiltration or unauthorized persistence.

能力评估

ℹ Purpose & Capability

Name/description (autonomous literature search, experiments, LaTeX output) match the included code: LLM clients, web crawlers, arXiv/OpenAlex/SemanticScholar clients, experiment sandboxes (docker/ssh/subprocess), Overleaf sync, multi-agent orchestration and a CLI. However the skill registry declares no required env vars/config, while the code and SKILL.md clearly expect LLM API keys (OPENAI_API_KEY, GEMINI_API_KEY, MINIMAX_API_KEY, etc.), possible PRM/metaclaw credentials, npm opencode usage, and SSH key paths. The declared metadata under-represents the real capabilities/requirements.

⚠ Instruction Scope

SKILL.md tells the user to create a venv, pip install -e ., run `researchclaw setup` and `researchclaw run --auto-approve`. Those steps can install dependencies, run setup scripts, enable ‘bridge mode’ to OpenClaw internal tools (sessions, web_fetch, message), and then launch autonomous end-to-end runs that execute arbitrary generated code in local, Docker or remote SSH sandboxes. The runtime instructions therefore grant the skill broad filesystem, network, and remote-execution scope (including opportunities to read user config/SSH keys and to fetch/post data).

ℹ Install Mechanism

Registry lists no formal install spec, but SKILL.md instructs the user to pip install the local package and run `researchclaw setup`. The bundle includes hundreds of source files, Docker entrypoints and shell scripts — so following the SKILL.md will write and execute sizable code on the host. No remote download URL in an automated install spec was declared, but the manual pip/setup workflow still results in code being installed and run.

⚠ Credentials

Declared required env vars in registry = none, yet config examples and README reference many API keys and secrets (OPENAI_API_KEY, GEMINI_API_KEY, PRM_API_KEY, MINIMAX_API_KEY, optional gemini_api_key, opencode npm, SSH key_path ~/.ssh/id_rsa, MetaClaw proxy/fallback_api_key, etc.). The skill legitimately needs at least an LLM API key for full functionality, but the metadata omission is a mismatch. Also the config uses default paths (e.g. ~/.ssh/id_rsa) which, if used, could expose private keys to remote experiment execution — this needs user review/explicit consent.

⚠ Persistence & Privilege

always:false, so the skill is not force-included, but it is written to run autonomously (disable-model-invocation: false). The codebase contains server/dispatcher modules, Docker/SSH executors, and overleaf/web sync which, when run, will open network connections and may spawn background components. Combined with underdeclared environment needs and the `--auto-approve` run pattern, this raises the blast radius if run without isolation.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install auto-research-claw
安装完成后，直接呼叫该 Skill 的名称或使用 /auto-research-claw 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

- Initial release of AutoResearchClaw. - Automates research workflows: literature search, experiments, and LaTeX paper generation. - Provides command-line interface for starting autonomous research runs. - Includes setup and installation instructions for Python 3.11+ environments. - Supports bridge mode for integration with OpenClaw internal tools.

元数据

Slug auto-research-claw

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题