← 返回 Skills 市场
agents365-ai

Scholar Deep Research

作者 Agents365.ai · GitHub ↗ · v0.5.0 · MIT-0
cross-platform ⚠ suspicious
153
总下载
0
收藏
0
当前安装
5
版本数
在 OpenClaw 中安装
/install scholar-deep-research
功能描述
Use when the user asks for a literature review, academic deep dive, research report, state-of-the-art survey, topic scoping, comparative analysis of methods/...
安全使用建议
This skill appears to implement a legitimate multi-source literature-review workflow, but it performs two behaviors you should review before installing: 1) Automatic update: Phase 0 runs scripts/check_update.py which does a git fetch and can fast-forward the skill repository before or during a run. That means code executed by your agent could change when the skill auto-updates. If you want a fixed codebase, set SCHOLAR_SKIP_UPDATE_CHECK=1 (documented in SKILL.md) and pin the repo to a commit. 2) External script execution and undeclared env-vars: The code may shell out to helper scripts (e.g., paper-fetch) discovered at configurable paths (~/.claude/skills/paper-fetch/scripts/fetch.py or PAPER_FETCH_SCRIPT). SKILL.md also references env vars (SCHOLAR_SKIP_UPDATE_CHECK, SCHOLAR_MAILTO, PAPER_FETCH_SCRIPT) even though the skill metadata lists none. Before running, inspect the repository locally (especially scripts/check_update.py and scripts/extract_pdf.py) to confirm exactly what network calls and subprocess executions they make. Practical recommendations: - Review the scripts in the repo locally (check_update.py, extract_pdf.py, and any subprocess calls) before installing. - Run the skill in an isolated environment (container or VM) the first time, with SCHOLAR_SKIP_UPDATE_CHECK=1 to avoid auto-updates until you're comfortable. - If you do allow updates, monitor the repo's upstream history and consider installing from a release tag rather than the branch HEAD. - Be aware the skill will write research_state.json and .last_update_check to the skill directory; ensure the install path has appropriate permissions and is isolated from sensitive data. Given these surprises (auto-updating code, undeclared env vars, and optional shelling to other local scripts), treat the skill as useful but with elevated operational risk unless you pin or audit it first.
功能分析
Type: OpenClaw Skill Name: scholar-deep-research Version: 0.5.0 The skill bundle implements a legitimate academic research workflow but contains high-risk behaviors that warrant caution. Specifically, `check_update.py` performs an automated `git pull` to update the skill's own code from its repository, which introduces a supply-chain risk via remote code modification. Additionally, `extract_pdf.py` uses `subprocess.run` to execute an external script (`fetch.py`) discovered by searching through various hidden directories associated with other AI agent skills (e.g., `~/.claude/skills/paper-fetch/`). While these features are documented and support the stated goals of maintenance and interoperability, they represent significant attack surfaces for lateral execution and unauthorized code updates.
能力标签
cryptocan-make-purchasesrequires-sensitive-credentials
能力评估
Purpose & Capability
Name, description, and included scripts (OpenAlex/arXiv/Crossref/PubMed search, PDF extraction, dedupe, ranking, citation-chasing, templated report export) are coherent and appropriate for a 'deep research' skill. Required binary is only python3 which is appropriate.
Instruction Scope
SKILL.md instructs the agent to run multiple scripts that read/write a persistent research_state.json and to run scripts that perform network calls to scholarly APIs (expected). However Phase 0 unconditionally runs scripts/check_update.py which performs a git fetch and may fast-forward the skill repository (network + code modification) before the run; SKILL.md also references shelling out to external helper scripts (paper-fetch path) and environment variables (SCHOLAR_SKIP_UPDATE_CHECK, PAPER_FETCH_SCRIPT, SCHOLAR_MAILTO) that are not declared. These behaviors expand scope beyond pure 'search and report' into updating and executing code on disk and executing other local scripts.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but the README and SKILL.md assume the repo will be git-cloned and that users will pip install -r requirements.txt. The only upstream code fetches mentioned use a well-known host (GitHub). The risk here is not obscure URLs but the fact the skill itself will run git fetch/fast-forward (check_update.py) and can cause the code on disk to change automatically; this is traceable but worth warning about.
Credentials
Registry requires no env vars, but the SKILL.md and docs reference multiple environment settings (SCHOLAR_SKIP_UPDATE_CHECK to pin versions, PAPER_FETCH_SCRIPT to discover an external fetch script, SCHOLAR_MAILTO for polite-pool/unpaywall) and optional flags (--email, --api-key). Those env-vars are plausible for a research tool but they are not declared in requires.env. The skill also writes state files and a .last_update_check in the skill root (normal for resumable workflows) — users should expect local file writes.
Persistence & Privilege
The skill persists state in research_state.json and a .last_update_check file (expected). Concern arises because Phase 0 runs check_update.py which performs a git fetch and may fast-forward the repository (changing code on disk) automatically at runtime unless pinned by SCHOLAR_SKIP_UPDATE_CHECK. The skill does not request 'always:true', and it does not require cloud credentials, but automatic code updates during activation increase the attack surface and should be considered a privilege.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install scholar-deep-research
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /scholar-deep-research 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.5.0
Two rounds of agent-native CLI hardening on top of 0.3.0. Round 1 (0.4.0): - Fix broken Phase-0 bootstrap command, CSL-JSON NameError, 7-phase vs 8-phase drift - Phase gates G1..G7 are now enforced code (scripts/_gates.py) accessed via `advance` subcommand - Single-writer state: every mutation goes through research_state.apply_* library functions - Atomic locked writes (scripts/_locking.py) make concurrent Phase 1 searches race-free - load_state validates schema_version and shape; apply_ingest validates payload - build_citation_graph escalates upstream_error when all seeds fail - Lazy httpx imports so --schema works without the dep Round 2 (0.5.0): - Auto-populated envelope meta (request_id, latency_ms, cli_version, schema_version) - export_bibtex TTY-detects and emits envelope on captured stdout; --raw forces raw text - init --force now requires paired --dangerous acknowledgement - --idempotency-key on every mutating command; --dry-run on rank + replay subcommands - Gate failures carry a next: [commands] hint for zero-discovery recovery - Schema surfaces cli_version + per-subcommand since/tier - check_update self-throttles to once per 24h (asta-skill pattern) Breaking changes: - init --force requires paired --dangerous on existing state files - set --field phase is rejected (use advance) - save_state removed from research_state.py (use apply_* API) Rubric score: 22/28 → 28/28 on the agent-native-cli rubric.
v0.3.0
feat: DOI resolution via paper-fetch / Unpaywall in extract_pdf.py
v0.2.1
fix: remove deprecated host_venue field from OpenAlex API calls
v0.2.0
Agent-native CLI contract: unified JSON envelope, stable exit codes (0/1/2/3/4), --schema introspection on every script, fail-loud HTTP errors, per-source saturation with min_rounds gate, --idempotency-key cache on citation graph with signature-mismatch guard, env-var trust boundary (SCHOLAR_STATE_PATH / SCHOLAR_MAILTO / NCBI_API_KEY / SCHOLAR_CACHE_DIR), research_state set gated to a 3-field whitelist. Rubric score 9/28 → 24/28.
v0.1.0
Initial release: 7-phase script-driven academic research workflow with multi-source federation (OpenAlex/arXiv/Crossref/PubMed), transparent ranking, citation chasing, mandatory self-critique, 5 report archetypes, and BibTeX export
元数据
Slug scholar-deep-research
版本 0.5.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 5
常见问题

Scholar Deep Research 是什么?

Use when the user asks for a literature review, academic deep dive, research report, state-of-the-art survey, topic scoping, comparative analysis of methods/... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 153 次。

如何安装 Scholar Deep Research?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install scholar-deep-research」即可一键安装,无需额外配置。

Scholar Deep Research 是免费的吗?

是的,Scholar Deep Research 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Scholar Deep Research 支持哪些平台?

Scholar Deep Research 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Scholar Deep Research?

由 Agents365.ai(@agents365-ai)开发并维护,当前版本 v0.5.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论