← 返回 Skills 市场
josephyb97

ScholarGraph

作者 Josephyb97 · GitHub ↗ · v1.4.3
cross-platform ⚠ suspicious
1144
总下载
1
收藏
12
当前安装
8
版本数
在 OpenClaw 中安装
/install scholargraph
功能描述
Academic literature intelligence toolkit for multi-source paper search, analysis, and knowledge graph building with AI assistance.
安全使用建议
This skill appears coherent for academic literature tasks, but take these precautions before installing: 1) Verify the upstream source: the SKILL.md points to a GitHub repo — confirm the repo and its recent commits match the package you get. 2) Inspect package.json for postinstall or install scripts that run arbitrary commands. 3) Run installation and execution in a sandboxed environment (container or VM) the first time. 4) Only provide API keys you control and prefer minimally-scoped/read-only keys; avoid pasting high-privilege credentials. 5) If you rely on privacy, remember the tool performs network calls and persists a local SQLite DB (data/knowledge-graphs.db by default); review or override the configured paths. 6) If you need higher assurance, review the omitted files and any network endpoints they call to check for unexpected telemetry or data exfiltration.
功能分析
Type: OpenClaw Skill Name: scholargraph Version: 1.4.3 The ScholarGraph skill is a comprehensive academic research toolkit that integrates with numerous academic APIs and uses local SQLite for data persistence. However, it exhibits high-risk behavior in 'paper-viz/scripts/pdf-figure-extractor.ts' and 'paper-viz/scripts/ppt-exporter.ts', where it dynamically constructs Python scripts using string interpolation and executes them via sub-processes ('spawn'). While this logic is intended to facilitate PDF image extraction and PPT generation, the lack of robust sanitization for variables like 'pdfPath' and 'outputDir' within the Python string templates could potentially allow for code injection if an agent is directed to process maliciously named files or metadata. No evidence of intentional malice or data exfiltration was found, but the execution pattern is inherently risky.
能力评估
Purpose & Capability
Name/description match the code and modules: multi-source search, PDF download, concept extraction, analysis, and knowledge-graph building. Required binary (bun) and the AI_PROVIDER env var align with the project's LLM-driven CLI implementation. Optional API keys correspond to the many academic sources the skill integrates with.
Instruction Scope
Runtime instructions and code request network and filesystem access (downloading PDFs, writing a local SQLite DB, saving configs) and they send structured system prompts to LLM providers — this is expected for an LLM-based literature tool. The SKILL.md and code do include explicit system-role prompts (e.g., '只返回JSON格式'), which the repo uses to shape LLM output; that's legitimate here but is the single identified prompt-injection pattern the scanner flagged. No code in the reviewed snippets attempts to read unrelated system state (shell history, other services' credentials) or to POST collected data to unknown endpoints, but a full audit of omitted files (61 omitted) and package.json scripts is recommended.
Install Mechanism
Install uses bun install and a verify command (bun run cli.ts --help), which is typical for a Bun/TypeScript project. This avoids arbitrary archive downloads. However, the registry summary said 'instruction-only' while the package contains many source files and an install entry in SKILL.md — verify what the registry metadata actually installs. Check package.json for any postinstall scripts before running.
Credentials
The skill declares AI_PROVIDER as required and lists many optional API keys (OpenAI, Semantic Scholar, NCBI, IEEE, Serper/SerpAPI, Unpaywall, etc.). Those optional variables are justified by the many external data adapters in the code. No unrelated credentials (e.g., AWS keys, SSH keys) are requested. Still: only provide keys you trust and restrict them (use read-only or scoped keys if available).
Persistence & Privilege
The skill requests filesystem persistence (writes configs and a local SQLite DB) and stores data locally; registry flags show always:false and no special platform privileges. It does not request permanent platform-wide inclusion. This persistence is reasonable for a knowledge-graph tool.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install scholargraph
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /scholargraph 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.4.3
No changes detected in this version. - Version 1.4.3 does not include any file modifications or content updates. - All features, technical details, and documentation remain unchanged.
v1.4.2
ScholarGraph 1.4.2 Changelog - Added a new Security & Privacy section to documentation, clearly detailing permissions (network, filesystem, LLM, Python). - Metadata now explicitly declares required/optional binaries, environment variables, open source license, and security notes. - No code changes and no feature changes were made in this release—documentation and metadata only. - Updated project metadata to include open source repository, license, and feature requirements.
v1.4.1
No user-facing changes or file modifications in this release. - Version bump to 1.4.1 with no detected file changes. - No new features, fixes, or adjustments in this update.
v1.4.0
ScholarGraph v1.3.1 introduces advanced interactive visualizations for papers and knowledge graphs. - Added Paper Visualization: Generate interactive HTML slide presentations and PPT exports from paper analyses, with responsive design, themes, and keyboard navigation. - Added Interactive Knowledge Graphs: Render knowledge graphs using D3.js v7 with zoom/pan, node dragging, live detail panels, and paper-slide preview bridges. - New scripts for graph and paper visualization (HTML/JS/PPTX) and test coverage for visual components. - Updated documentation to highlight new visualization and bridging capabilities.
v1.3.0
**ScholarGraph 1.3.0 – Major multi-source literature search and knowledge graph upgrade** - Added 11-source academic search with adapter-based architecture: arXiv, Semantic Scholar, OpenAlex, PubMed, CrossRef, DBLP, IEEE, CORE, Google Scholar, Unpaywall, Web. - Introduced complementary search strategy with domain auto-detection and domain-prioritized search source selection. - Added AI-powered review paper detection, automatic concept extraction, and integrated review-to-knowledge-graph workflow. - Implemented PDF download with multi-strategy URL resolution (direct, Unpaywall, OpenAlex, CORE). - Added SQLite-based persistent knowledge graph storage with bidirectional concept-paper indexing and advanced query features. - Expanded advanced modules: review detector, concept extractor, graph management, and high-performance search/graph workflows.
v1.1.1
- Added new file: index.js - Introduced metadata block to SKILL.md, including emoji and required bins/env for easier integration - Updated SKILL.md to add a concise description suitable for registry and tool annotation - No changes to core features or CLI/API functionality
v1.1.0
ScholarGraph 1.1.0 — Major upgrade with advanced features and multi-provider AI support. - Added 10 new files, including shared utility modules, type definitions, error handling, and test documentation. - Introduced support for 15+ AI providers and new extensible configuration options. - Expanded skill set with advanced features: concept and paper comparison, critique, and learning path finding. - Improved multi-format output (Markdown, JSON, Mermaid) and advanced CLI/API usage. - Separated shared logic (AI providers, validation, errors) for enhanced maintainability. - Included extensive test documentation and setup/testing guides.
v1.0.0
ScholarGraph 1.0.0 — Initial Release - Launches an AI-driven toolkit for transforming academic literature into interactive knowledge graphs. - Enables semantic literature search across major databases (arXiv, PubMed, Semantic Scholar). - Extracts insights, methods, claims, and citations from PDFs and abstracts. - Visualizes research connections and trends through dynamic graphs. - Identifies literature gaps and emerging research concepts. - Includes modules for search, analysis, visualization, tracking, and concept detection.
元数据
Slug scholargraph
版本 1.4.3
许可证
累计安装 12
当前安装数 12
历史版本数 8
常见问题

ScholarGraph 是什么?

Academic literature intelligence toolkit for multi-source paper search, analysis, and knowledge graph building with AI assistance. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1144 次。

如何安装 ScholarGraph?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install scholargraph」即可一键安装,无需额外配置。

ScholarGraph 是免费的吗?

是的,ScholarGraph 完全免费(开源免费),可自由下载、安装和使用。

ScholarGraph 支持哪些平台?

ScholarGraph 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 ScholarGraph?

由 Josephyb97(@josephyb97)开发并维护,当前版本 v1.4.3。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论