← Back to Skills Marketplace
ResearchClaw
by
dongsheng123132
· GitHub ↗
· v1.0.0
· MIT-0
253
Downloads
0
Stars
3
Active Installs
1
Versions
Install in OpenClaw
/install researchclaw
Description
Autonomous research pipeline skill for Claude Code. Given a research topic, orchestrates 23 stages end-to-end: literature review, hypothesis generation, expe...
Usage Guidance
This skill's docs describe a heavy, runnable pipeline (CLI + Python package) that executes generated code locally or over SSH and uses your LLM API key, but the published bundle contains only instructions and no code or install info. Before using: 1) Do not run --auto-approve or ssh_remote unless you trust the source and control the remote host/keys. 2) Ask the publisher for the canonical source repository, an install method (trusted package or GitHub release), and for explicit declarations of required environment variables (LLM key name, SSH key usage). 3) Inspect any config.yaml you create for embedded secrets and avoid putting primary API keys in unencrypted files. 4) If you test it, run in an isolated VM/container with no sensitive data and without network access to untrusted hosts. If the author cannot provide source code or a trusted install artifact, treat this skill as unsafe to run.
Capability Analysis
Type: OpenClaw Skill
Name: researchclaw
Version: 1.0.0
The skill facilitates autonomous code generation and execution via local subprocesses and remote SSH connections, which are high-risk capabilities (SKILL.md). It explicitly encourages bypassing human oversight using an '--auto-approve' flag and manages sensitive LLM API keys. While these features align with the stated goal of an autonomous research pipeline, the execution of unvetted AI-generated code on local or remote infrastructure without mandatory sandboxing presents a significant security risk.
Capability Assessment
Purpose & Capability
The SKILL.md describes a full CLI and Python package (researchclaw CLI, researchclaw.* modules) and a 23-stage pipeline that runs code and exports artifacts, but the registry entry contains no binaries, no code files, and no install spec. The skill also references needing an LLM API key but the manifest lists no required environment variables or primary credential. This is an incoherent packaging: either the package is missing from the registry or the instructions expect tools that are not provided.
Instruction Scope
Runtime instructions tell the agent to create/modify config.yaml, read/write artifacts, execute generated experiment code via subprocess (sandbox) or run experiments remotely over SSH (ssh_remote), and to use an LLM API key from config or env. Those actions enable arbitrary code execution and remote commands. The SKILL.md does not limit or explicitly declare the credentials, SSH keys, Python interpreter, or packages required, nor does it constrain where outputs are sent.
Install Mechanism
There is no install spec and no code files. That reduces installation risk but is inconsistent with instructions that require a CLI binary and Python package. If the skill expects a preinstalled third-party package, that expectation should be declared. The absence of an install mechanism makes it unclear how the runtime components would be provided, creating a coherence problem and possible risk if users attempt to fetch/install artifacts from unknown sources to satisfy these instructions.
Credentials
Manifest lists no required env vars, yet instructions require the user's LLM API key (in config.yaml or via an env var), reference experiment.sandbox.python_path with numpy, and support ssh_remote mode (which implies SSH credentials). Required secrets/keys are not declared. The skill's ability to execute generated code and run SSH commands means access to sensitive credentials or environments would be particularly impactful; those privileges should be explicitly declared and justified.
Persistence & Privilege
The skill does not request permanent 'always' inclusion and has no install shim, which is appropriate. However, the pipeline supports an --auto-approve flag that bypasses human gates and the skill is allowed to be invoked autonomously (platform default). Combined with the ability to execute code and perform SSH remote runs, auto-approval + autonomous invocation increases operational risk and should be constrained by the user.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install researchclaw - After installation, invoke the skill by name or use
/researchclaw - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: 23-stage autonomous research pipeline skill
Metadata
Frequently Asked Questions
What is ResearchClaw?
Autonomous research pipeline skill for Claude Code. Given a research topic, orchestrates 23 stages end-to-end: literature review, hypothesis generation, expe... It is an AI Agent Skill for Claude Code / OpenClaw, with 253 downloads so far.
How do I install ResearchClaw?
Run "/install researchclaw" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is ResearchClaw free?
Yes, ResearchClaw is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does ResearchClaw support?
ResearchClaw is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created ResearchClaw?
It is built and maintained by dongsheng123132 (@dongsheng123132); the current version is v1.0.0.
More Skills