← 返回 Skills 市场
781
总下载
0
收藏
6
当前安装
1
版本数
在 OpenClaw 中安装
/install research-report
功能描述
Research technical projects/papers and generate comprehensive reports with PDF export. Modes: lite (analysis + writing) or full (+ environment setup + experi...
安全使用建议
This skill appears to be a lightweight, local report generator implemented as bash scripts — not a full autonomous research agent. Before installing or running it:
- Understand what it actually does: the scripts create iterative Markdown drafts, list (but do not fetch) local project files, and convert Markdown to PDF locally with pandoc or an existing md2pdf skill. They do not perform web searches, download papers, perform automated experiments, nor send PDFs via Telegram despite those claims in SKILL.md.
- If you plan to provide --project-path pointing to a local repo, be cautious: the skill will read files under that path (find -type f) and will create logs and report files in your workspace. It does not execute user code, but if you later run 'full' experiments manually you may execute untrusted code — do that in an isolated environment.
- Verify the md2pdf path and pandoc availability on your system; the script will call $HOME/.openclaw/skills/md2pdf/scripts/md2pdf.sh if present, otherwise it invokes pandoc directly.
- Because the documentation over-promises (remote fetching, Telegram delivery, automated experiments) but the code does not implement those steps, treat the skill as partial/incomplete. If you need the claimed features, request or inspect additional code that implements them. If you accept the current behavior, run the scripts in a controlled workspace (or container) and review the created files/logs afterward.
- If you want to proceed but are security-conscious: run the scripts in a throwaway or sandboxed account/container and inspect the output and created files before granting broader access.
功能分析
Type: OpenClaw Skill
Name: research-report
Version: 1.0.0
This skill is classified as suspicious due to significant vulnerabilities related to input sanitization. The `WORKSPACE` parameter in `scripts/research-report.sh` is used directly to construct output directories without sanitizing for path traversal sequences (e.g., `../`), allowing an attacker to write files to arbitrary locations on the filesystem (e.g., `/etc/reports`). Additionally, the `PROJECT_PATH` parameter is used directly in a `find` command, enabling information disclosure by listing files in arbitrary directories (e.g., `/etc`). While the skill's stated purpose involves broad capabilities like environment setup and experiment execution, these vulnerabilities are flaws that could be exploited, rather than evidence of intentional malicious design.
能力评估
Purpose & Capability
Name/description (research report generation, PDF export, lite/full modes) matches the provided bash scripts: they create drafts, optionally read a local project path, generate PDFs via pandoc or a local md2pdf skill, and record logs. Minor mismatch: SKILL.md describes remote literature search and 'send to user via Telegram', but the scripts do not perform network fetches or any Telegram send; they only create local notes and read local files. Overall requirements (pandoc) are proportional.
Instruction Scope
SKILL.md instructs broad runtime behavior (search arXiv, fetch related papers, identify dependencies, 'Code reading (local or remote)') but the scripts implement only local-note creation, listing/finding local files, drafting iterative markdown files, and optional pandoc-based PDF conversion. 'Full mode' claims dependency install and experiment execution, but the script explicitly warns that full mode requires manual intervention and does not perform conda/CUDA installs or run experiments automatically. There is also an unimplemented note about sending the PDF via Telegram present in SKILL.md but not in scripts. The instruction doc therefore over-promises capabilities that are not implemented in the code.
Install Mechanism
No install spec and only two small shell scripts + markdown templates are included. There are no downloads, archive extracts, or external installers declared. This is the lower-risk, instruction-only / lightweight script distribution model.
Credentials
Declared runtime requirement is pandoc (and mentions texlive-xetex for full PDF rendering). The skill requests no credentials or secret environment variables. It writes under a workspace directory (default: ~/.openclaw/workspace-research) and appends to a per-day memory file; these are proportionate to a report generator. It does reference $HOME and optional --project-path (local path) — neither are excessive, but note that supplying a project path points the tool at local code.
Persistence & Privilege
always:false (no forced inclusion). The scripts create files under the workspace and append to a memory file, but they do not modify other skills' configs or system-wide settings. The skill checks for a local md2pdf script path under $HOME and will call it if present; this is contained and expected.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install research-report - 安装完成后,直接呼叫该 Skill 的名称或使用
/research-report触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: lite/full modes, multi-iteration report writing, PDF export via md2pdf, memory integration, structured logging
元数据
常见问题
Research Report Generator 是什么?
Research technical projects/papers and generate comprehensive reports with PDF export. Modes: lite (analysis + writing) or full (+ environment setup + experi... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 781 次。
如何安装 Research Report Generator?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install research-report」即可一键安装,无需额外配置。
Research Report Generator 是免费的吗?
是的,Research Report Generator 完全免费(开源免费),可自由下载、安装和使用。
Research Report Generator 支持哪些平台?
Research Report Generator 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Research Report Generator?
由 Yuno Wang(@huaruoji)开发并维护,当前版本 v1.0.0。
推荐 Skills