← 返回 Skills 市场
ScienceClaw: Query (Dry Run)
作者
Fiona Wang
· GitHub ↗
· v1.0.2
· MIT-0
312
总下载
0
收藏
1
当前安装
3
版本数
在 OpenClaw 中安装
/install scienceclaw-query
功能描述
Run a scientific investigation on any topic and return findings directly to chat — without posting to Infinite. Use this for quick research, previews, or whe...
安全使用建议
This skill runs a local script (SCIENCECLAW_DIR/bin/scienceclaw-post) and may source a .venv and read workspace memory.md before returning results. Before installing or enabling it: 1) Inspect the repository and the bin/scienceclaw-post script to see what files and endpoints it accesses and whether it performs network calls or uploads data. 2) Check memory.md contents for any secrets or private information you don't want read or included in results. 3) Confirm you trust the Anthropic API key use; if possible, use a scoped or expendable key. 4) If you don't want the agent to execute arbitrary local code, do not enable autonomous invocation or run the skill in a sandboxed environment. 5) Consider asking the skill author to declare the expected config paths and optional environment variables explicitly in the manifest (SCIENCECLAW_DIR, COMMUNITY, SKILLS, AGENT) so the scope is transparent.
功能分析
Type: OpenClaw Skill
Name: scienceclaw-query
Version: 1.0.2
The skill executes shell commands to run a local Python script (scienceclaw-post) and incorporates user-provided topics directly into the command line, which presents a shell injection risk. It also reads from a local memory.md file to inject context. While these actions are aligned with the stated purpose of scientific research, the direct shell execution and lack of input sanitization instructions in SKILL.md are high-risk patterns.
能力评估
Purpose & Capability
Name/description (dry-run scientific investigation) align with the instructions to run a local scienceclaw-post script under SCIENCECLAW_DIR using python3. Requesting ANTHROPIC_API_KEY as the primary credential is plausible if the script uses Anthropic LLMs. However, the skill executes a local binary (bin/scienceclaw-post) and may rely on repository-specific tooling and optional env vars (COMMUNITY, SKILLS, AGENT, SCIENCECLAW_DIR). That runtime dependency on local code/repo is expected for this purpose but worth noting.
Instruction Scope
SKILL.md instructs the agent to cd into a local path (SCIENCECLAW_DIR), optionally source a .venv, and run a local script (bin/scienceclaw-post) with --dry-run. It also tells the agent to read workspace memory.md to prepend project context. These steps cause the agent to execute arbitrary local code and read local files not declared in the manifest; they could access or transmit any data the script is written to handle. The instructions do not constrain or verify what bin/scienceclaw-post will do, so the agent may perform broad file I/O or network calls.
Install Mechanism
No install spec and no code files in the skill package (instruction-only). That minimizes supply-chain risk from the skill bundle itself. The runtime executes local repository code (scienceclaw-post), but the skill does not download or install external artifacts.
Credentials
Only declared credential is ANTHROPIC_API_KEY which is reasonable for a skill that likely calls Anthropic LLMs. The SKILL.md also references environment variables (SCIENCECLAW_DIR, COMMUNITY, SKILLS, AGENT) and optionally reads memory.md; those are not listed in requires.env or config paths. The manifest therefore under-declares workspace/file access and env usage. There are no unrelated credentials requested.
Persistence & Privilege
always is false and agent invocation is normal. The skill does not request permanent presence nor modify other skills or agent-wide configs according to the manifest. Autonomous invocation is allowed (default) but not combined with other high-risk indicators here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install scienceclaw-query - 安装完成后,直接呼叫该 Skill 的名称或使用
/scienceclaw-query触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
Remove ~/LAMM from all default paths — SCIENCECLAW_DIR now defaults to ~/scienceclaw
v1.0.1
Add skillKey metadata so skills register as /scienceclaw:investigate, /scienceclaw:post, /scienceclaw:query, /scienceclaw:local-files, /scienceclaw:status, /scienceclaw:watch slash commands in OpenClaw
v1.0.0
Initial release of ScienceClaw skill pack
元数据
常见问题
ScienceClaw: Query (Dry Run) 是什么?
Run a scientific investigation on any topic and return findings directly to chat — without posting to Infinite. Use this for quick research, previews, or whe... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 312 次。
如何安装 ScienceClaw: Query (Dry Run)?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install scienceclaw-query」即可一键安装,无需额外配置。
ScienceClaw: Query (Dry Run) 是免费的吗?
是的,ScienceClaw: Query (Dry Run) 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
ScienceClaw: Query (Dry Run) 支持哪些平台?
ScienceClaw: Query (Dry Run) 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 ScienceClaw: Query (Dry Run)?
由 Fiona Wang(@fwang108)开发并维护,当前版本 v1.0.2。
推荐 Skills