← 返回 Skills 市场
crayfish-ai

PubMed Review

作者 crayfish-ai · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
97
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install pubmed-review
功能描述
飞书自然语言触发的 PubMed 文献检索与 AI 综述生成系统。支持专业检索式扩展、限定词过滤、AI 结构化综述(brief+full)、飞书通知、追问回答。
安全使用建议
This skill appears to implement the advertised PubMed search + AI summarization pipeline, but please check these before installing: 1. Metadata mismatch: the registry header claims no required env vars, but SKILL.md and skill.json require MINIMAX_API_KEY (sensitive). Confirm which is authoritative before supplying secrets. 2. Secrets handling: the code automatically loads a .env.minimax file into environment variables. Ensure that file only contains the MiniMax API key (and nothing else you don't want imported or uploaded) and that its filesystem permissions are restricted. 3. Data exfiltration / privacy: article abstracts and user queries are sent to api.minimax.chat for LLM summarization. If abstracts include any sensitive or patient-identifiable information, do NOT send them to an external LLM without approval. 4. Notify script trust: the skill invokes an external notify binary/script (NOTIFY_PATH). Verify that notify is a trusted program (path is not user-controlled by untrusted actors) because the skill will call it with generated content. 5. Automation risk: scheduled usage (cron) and the task_dispatcher will automatically run the scripts and call external services. If you plan to deploy, run it in an isolated environment and test with non-sensitive data first. 6. Confirm provenance: the top-of-package source/homepage entries are inconsistent (some places say unknown, skill.json references a GitHub repo). If provenance matters, validate the upstream repository and author before trusting the code. If you proceed, review .env.minimax contents, validate the notify executable, and run the package in a controlled environment. If you want, I can point to specific lines that load the env file, call the LLM, and invoke notify so you can audit them more closely.
功能分析
Type: OpenClaw Skill Name: pubmed-review Version: 1.0.1 The pubmed-review skill bundle is a legitimate tool designed for medical literature retrieval and AI-driven summarization. It interacts with the official PubMed E-utilities API and the MiniMax LLM API to process user requests and send notifications via Feishu. The code follows safe practices, such as using subprocess.run with shell=False in pubmed_intent_handler.py and pubmed_followup_handler.py to mitigate command injection risks. No evidence of data exfiltration, unauthorized credential access, or malicious prompt injection was found; all functionalities, including local file storage and network calls, are consistent with the stated purpose.
能力评估
Purpose & Capability
The skill's code and scripts implement PubMed E-utilities search, abstract parsing, LLM-based summarization, task queuing, and Feishu notification — which matches the name/description. However, registry metadata at the top of the package listing claims "Required env vars: none" while SKILL.md and skill.json require MINIMAX_API_KEY (sensitive). There are also small metadata mismatches (published/version strings/homepage vs 'source: unknown'). These inconsistencies should be clarified.
Instruction Scope
Runtime instructions and scripts operate on local task/result files, read a local .env.minimax by default, call the MiniMax LLM API with article abstracts, and invoke an external notify script to push messages. All of that is within the declared purpose, but two scope items deserve attention: (1) the code automatically loads an env file into process environment (potentially setting unrelated secrets), and (2) article abstracts (medical content) and user queries are transmitted to a third-party LLM (api.minimax.chat) — confirm that is acceptable for your data/privacy requirements.
Install Mechanism
No install spec is provided; the skill is instruction/code-only and does not download arbitrary archives or run a remote installer. This is lower risk than skills that fetch remote binaries. The package contains only Python and shell scripts that will be run locally.
Credentials
The only sensitive credential required is MINIMAX_API_KEY (used to call the MiniMax LLM) and that is proportional to the LLM summarization functionality. Other configurable items (MINIMAX_API_URL, MINIMAX_MODEL, NOTIFY_PATH, MINIMAX_ENV_FILE) are reasonable. However, the package will (by default) load and export all variables from a .env.minimax file into os.environ — this can unintentionally expose or override unrelated environment variables and may cause unintentional leakage if that file contains other secrets. Also the registry-level metadata incorrectly reported no required env vars, which is misleading.
Persistence & Privilege
The skill does not request 'always: true', does not require root, and confines writes to its own task/result directories. It creates/modifies local files (tasks queue, results, followup state) which is expected for a queue/processor. It does open a lock file for dispatching; nothing indicates system-wide persistence or modification beyond the skill directory.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install pubmed-review
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /pubmed-review 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
- Added bug fixes and minor improvements to the core scripts. - Updated internal logic in pubmed_followup_handler.py and pubmed_intent_handler.py. - Improved task handling in task_dispatcher.py. - No changes to user-facing features or workflow.
v1.0.0
- Initial release of the pubmed-review skill for Feishu. - Supports natural language PubMed literature searches and AI-generated structured reviews (brief + full). - Features intention recognition, query standardization and expansion, document filtering, and professional level summary outputs. - Includes Feishu notification, local Markdown summary storage, and contextual Q&A based on PMID. - Robust error handling for API failures, PubMed issues, and LLM parsing errors. - Flexible environment variable setup and command-line invocation supported.
元数据
Slug pubmed-review
版本 1.0.1
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 2
常见问题

PubMed Review 是什么?

飞书自然语言触发的 PubMed 文献检索与 AI 综述生成系统。支持专业检索式扩展、限定词过滤、AI 结构化综述(brief+full)、飞书通知、追问回答。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 97 次。

如何安装 PubMed Review?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install pubmed-review」即可一键安装,无需额外配置。

PubMed Review 是免费的吗?

是的,PubMed Review 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

PubMed Review 支持哪些平台?

PubMed Review 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 PubMed Review?

由 crayfish-ai(@crayfish-ai)开发并维护,当前版本 v1.0.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论