← 返回 Skills 市场
Paperzilla CLI
作者
Mark Pors 🦖
· GitHub ↗
· v1.0.0
558
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install pz
功能描述
Paperzilla CLI lets you search, filter, and browse AI-curated academic papers by project, requiring a Paperzilla account for authentication.
安全使用建议
This skill is an instruction-only wrapper for the Paperzilla CLI and is mostly coherent, but take these precautions before installing or using it:
- Verify origin: check the brew tap and the GitHub repos referenced (paperzilla-ai) to confirm they are legitimate and maintained by the Paperzilla project before running installs.
- Avoid blindly running curl | tar | sudo mv: download the release tarball manually, inspect its contents/signature, and verify checksums when available.
- Be cautious with 'pz login' and feed tokens: understand whether login uses OAuth/browser flow or asks for credentials; never paste tokens or feed URLs containing embedded tokens into public channels.
- Treat PZ_API_URL with suspicion: only set it to endpoints you control or trust — a custom API URL could redirect your queries and secrets to an attacker.
- Ask the publisher to clarify the metadata mismatch (registry shows no required binaries while SKILL.md requires 'pz') and to document the authentication flow.
If you need low risk, prefer using the official Paperzilla web UI or verify the CLI binaries and source code before installing.
功能分析
Type: OpenClaw Skill
Name: pz
Version: 1.0.0
The skill bundle provides standard installation and usage instructions for the Paperzilla CLI tool. While the Linux installation method involves piping `curl` output to `tar` for execution, this is a common practice for CLI tools and does not indicate malicious intent from the skill bundle itself, but rather a standard supply chain risk. There is no evidence of data exfiltration, malicious execution, persistence, or prompt injection attempts against the AI agent within the `SKILL.md` or `_meta.json` files.
能力评估
Purpose & Capability
The SKILL.md describes a CLI for Paperzilla and the runtime instructions are limited to installing and using the 'pz' CLI — this is consistent with the stated purpose. However, the registry metadata at the top of the evaluation says 'Required binaries: none' while the SKILL.md metadata declares a required binary 'pz' and provides install instructions. That mismatch between declared registry requirements and the skill's own instructions is inconsistent and worth clarifying with the publisher.
Instruction Scope
The instructions remain within the Paperzilla CLI domain (install pz, run 'pz login', 'pz feed', etc.). They do allow overriding the API endpoint via PZ_API_URL and note that '--atom' prints a feed URL containing an embedded token. Those two items (custom API URL + embedded token output) increase the risk of misconfiguration or accidental token exposure, but they are feature-level behaviors of the CLI rather than outright scope creep (the SKILL.md does not instruct the agent to read unrelated system files or other credentials).
Install Mechanism
No formal install spec was included in the registry entry, but the SKILL.md provides platform-specific install commands: a brew tap (paperzilla-ai/tap), a Scoop bucket from GitHub, and a Linux curl from a GitHub releases URL. These are common distribution mechanisms and use recognizable hosts (GitHub, Homebrew). The Linux command uses a curl | tar xz pipe and then moves a binary into /usr/local/bin, which is a standard pattern but carries the usual risk of running a downloaded binary — you should verify the GitHub release and repository owner before running it.
Credentials
The skill declares no required environment variables and does not request unrelated credentials, which is proportionate. However, it documents an override variable (PZ_API_URL) that lets the CLI talk to a custom endpoint and it explicitly indicates the '--atom' flag prints a URL with an embedded feed token. Both features can be abused or cause accidental credential/token leakage (e.g., pointing PZ_API_URL to an attacker-controlled host or sharing an atom URL with an embedded token). The skill does not declare any primary credential; 'pz login' appears to be interactive, but the SKILL.md does not explain the authentication flow (OAuth vs password), which is a minor gap.
Persistence & Privilege
The skill does not request always:true, does not claim elevated system privileges, and does not declare config paths or persistent agent-level changes. Agent invocation defaults are normal. There is no evidence the skill would modify other skills or system-wide settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install pz - 安装完成后,直接呼叫该 Skill 的名称或使用
/pz触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release
元数据
常见问题
Paperzilla CLI 是什么?
Paperzilla CLI lets you search, filter, and browse AI-curated academic papers by project, requiring a Paperzilla account for authentication. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 558 次。
如何安装 Paperzilla CLI?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install pz」即可一键安装,无需额外配置。
Paperzilla CLI 是免费的吗?
是的,Paperzilla CLI 完全免费(开源免费),可自由下载、安装和使用。
Paperzilla CLI 支持哪些平台?
Paperzilla CLI 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Paperzilla CLI?
由 Mark Pors 🦖(@pors)开发并维护,当前版本 v1.0.0。
推荐 Skills