← 返回 Skills 市场
ResearchClaw
作者
dongsheng123132
· GitHub ↗
· v1.0.0
· MIT-0
253
总下载
0
收藏
3
当前安装
1
版本数
在 OpenClaw 中安装
/install researchclaw
功能描述
Autonomous research pipeline skill for Claude Code. Given a research topic, orchestrates 23 stages end-to-end: literature review, hypothesis generation, expe...
安全使用建议
This skill's docs describe a heavy, runnable pipeline (CLI + Python package) that executes generated code locally or over SSH and uses your LLM API key, but the published bundle contains only instructions and no code or install info. Before using: 1) Do not run --auto-approve or ssh_remote unless you trust the source and control the remote host/keys. 2) Ask the publisher for the canonical source repository, an install method (trusted package or GitHub release), and for explicit declarations of required environment variables (LLM key name, SSH key usage). 3) Inspect any config.yaml you create for embedded secrets and avoid putting primary API keys in unencrypted files. 4) If you test it, run in an isolated VM/container with no sensitive data and without network access to untrusted hosts. If the author cannot provide source code or a trusted install artifact, treat this skill as unsafe to run.
功能分析
Type: OpenClaw Skill
Name: researchclaw
Version: 1.0.0
The skill facilitates autonomous code generation and execution via local subprocesses and remote SSH connections, which are high-risk capabilities (SKILL.md). It explicitly encourages bypassing human oversight using an '--auto-approve' flag and manages sensitive LLM API keys. While these features align with the stated goal of an autonomous research pipeline, the execution of unvetted AI-generated code on local or remote infrastructure without mandatory sandboxing presents a significant security risk.
能力评估
Purpose & Capability
The SKILL.md describes a full CLI and Python package (researchclaw CLI, researchclaw.* modules) and a 23-stage pipeline that runs code and exports artifacts, but the registry entry contains no binaries, no code files, and no install spec. The skill also references needing an LLM API key but the manifest lists no required environment variables or primary credential. This is an incoherent packaging: either the package is missing from the registry or the instructions expect tools that are not provided.
Instruction Scope
Runtime instructions tell the agent to create/modify config.yaml, read/write artifacts, execute generated experiment code via subprocess (sandbox) or run experiments remotely over SSH (ssh_remote), and to use an LLM API key from config or env. Those actions enable arbitrary code execution and remote commands. The SKILL.md does not limit or explicitly declare the credentials, SSH keys, Python interpreter, or packages required, nor does it constrain where outputs are sent.
Install Mechanism
There is no install spec and no code files. That reduces installation risk but is inconsistent with instructions that require a CLI binary and Python package. If the skill expects a preinstalled third-party package, that expectation should be declared. The absence of an install mechanism makes it unclear how the runtime components would be provided, creating a coherence problem and possible risk if users attempt to fetch/install artifacts from unknown sources to satisfy these instructions.
Credentials
Manifest lists no required env vars, yet instructions require the user's LLM API key (in config.yaml or via an env var), reference experiment.sandbox.python_path with numpy, and support ssh_remote mode (which implies SSH credentials). Required secrets/keys are not declared. The skill's ability to execute generated code and run SSH commands means access to sensitive credentials or environments would be particularly impactful; those privileges should be explicitly declared and justified.
Persistence & Privilege
The skill does not request permanent 'always' inclusion and has no install shim, which is appropriate. However, the pipeline supports an --auto-approve flag that bypasses human gates and the skill is allowed to be invoked autonomously (platform default). Combined with the ability to execute code and perform SSH remote runs, auto-approval + autonomous invocation increases operational risk and should be constrained by the user.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install researchclaw - 安装完成后,直接呼叫该 Skill 的名称或使用
/researchclaw触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: 23-stage autonomous research pipeline skill
元数据
常见问题
ResearchClaw 是什么?
Autonomous research pipeline skill for Claude Code. Given a research topic, orchestrates 23 stages end-to-end: literature review, hypothesis generation, expe... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 253 次。
如何安装 ResearchClaw?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install researchclaw」即可一键安装,无需额外配置。
ResearchClaw 是免费的吗?
是的,ResearchClaw 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
ResearchClaw 支持哪些平台?
ResearchClaw 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 ResearchClaw?
由 dongsheng123132(@dongsheng123132)开发并维护,当前版本 v1.0.0。
推荐 Skills