ai-research-assistant

Name: ai-research-assistant
Author: lifan0127

by lifan0127

Issues

Aria is Your AI Research Assistant Powered by GPT Large Language Models

1,700stars

116forks

JavaScript

Added 3/9/2026

View on GitHub Download ZIP Scan for vulnerabilities

AI Agentsai-assistantgptlarge-language-modelsresearch-paperzotero

Installation

# Add to your Claude Code skills
git clone https://github.com/lifan0127/ai-research-assistant

Getting Started

Guides for using ai agents skills like ai-research-assistant.

Caveman: Cut Claude Token Use by 65%
How agent-side prompt compression works, when to use it, and when not to.
What is an AI Skills Marketplace?
Definitions, how marketplaces work, and how to choose between them in 2026.
Getting Started with AI Skills

Security ReportIssues

Last scanned: 4/26/2026

{
  "issues": [
    {
      "type": "npm-audit",
      "message": "@babel/helpers: Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "@babel/runtime: Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "@eslint/plugin-kit: @eslint/plugin-kit is vulnerable to Regular Expression Denial of Service attacks through ConfigCommentParser",
      "severity": "low"
    },
    {
      "type": "npm-audit",
      "message": "@inquirer/editor: Vulnerability found",
      "severity": "low"
    },
    {
      "type": "npm-audit",
      "message": "@mapbox/node-pre-gyp: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "@octokit/endpoint: @octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "@octokit/plugin-paginate-rest: @octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Backtracking",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "@octokit/request: @octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "@octokit/request-error: @octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "@octokit/rest: Vulnerability found",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "@xmldom/xmldom: xmldom: Uncontrolled recursion in XML serialization leads to DoS",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "addons-linter: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "ajv: ajv has ReDoS when using `$data` option",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "basic-ftp: Basic FTP has Path Traversal Vulnerability in its downloadToDir() method",
      "severity": "critical"
    },
    {
      "type": "npm-audit",
      "message": "bn.js: bn.js affected by an infinite loop",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "brace-expansion: brace-expansion Regular Expression Denial of Service vulnerability",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "bumpp: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "c12: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "canvas: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "cipher-base: cipher-base is missing type checks, leading to hash rewind and passing on crafted data",
      "severity": "critical"
    },
    {
      "type": "npm-audit",
      "message": "compressing: Compressing Vulnerable to Arbitrary File Write via Symlink Extraction",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "defu: defu: Prototype pollution via `__proto__` key in defaults argument",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "elliptic: Elliptic's private key extraction in ECDSA upon signing a malformed input (e.g. a string)",
      "severity": "critical"
    },
    {
      "type": "npm-audit",
      "message": "epubjs: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "esbuild: esbuild enables any website to send any requests to the development server and read the response",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "eslint: Vulnerability found",
      "severity": "low"
    },
    {
      "type": "npm-audit",
      "message": "external-editor: Vulnerability found",
      "severity": "low"
    },
    {
      "type": "npm-audit",
      "message": "flatted: flatted vulnerable to unbounded recursion DoS in parse() revive phase",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "form-data: form-data uses unsafe random function in form-data for choosing boundary",
      "severity": "critical"
    },
    {
      "type": "npm-audit",
      "message": "giget: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "glob: glob CLI: Command injection via -c/--cmd executes matches with shell:true",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "image-size: image-size Denial of Service via Infinite Loop during Image Processing",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "immutable: Immutable is vulnerable to Prototype Pollution",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "inquirer: Vulnerability found",
      "severity": "low"
    },
    {
      "type": "npm-audit",
      "message": "js-yaml: js-yaml has prototype pollution in merge (<<)",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "lodash: Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "minimatch: minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "nanoid: Predictable results in nanoid generation when given non-integer values",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "node-forge: node-forge has ASN.1 Unbounded Recursion",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "node-notifier: Vulnerability found",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "patch-package: Vulnerability found",
      "severity": "low"
    },
    {
      "type": "npm-audit",
      "message": "pbkdf2: pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos",
      "severity": "critical"
    },
    {
      "type": "npm-audit",
      "message": "pdfjs-dist: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "picomatch: Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "postcss: PostCSS has XSS via Unescaped </style> in its CSS Stringify Output",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "prismjs: PrismJS DOM Clobbering vulnerability",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "react-mentions: Vulnerability found",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "react-syntax-highlighter: Vulnerability found",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "refractor: Vulnerability found",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "release-it: Vulnerability found",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "sha.js: sha.js is missing type checks leading to hash rewind and passing on crafted data",
      "severity": "critical"
    },
    {
      "type": "npm-audit",
      "message": "tar: node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "tmp: tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter",
      "severity": "low"
    },
    {
      "type": "npm-audit",
      "message": "typeorm: TypeORM vulnerable to SQL injection via crafted request to repository.save or repository.update",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "uuid: uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "web-ext: Vulnerability found",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "yaml: yaml is vulnerable to Stack Overflow via deeply nested YAML collections",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "zotero-plugin-scaffold: Vulnerability found",
      "severity": "high"
    }
  ],
  "status": "FAILED",
  "scannedAt": "2026-04-26T06:11:18.387Z",
  "semgrepRan": false,
  "npmAuditRan": true,
  "pipAuditRan": true
}

README.md

Agentic AI for Beginners

Build your first AI agent from scratch - tool use, ReAct pattern, memory, deployment

41 minBeginner

Comments (0)

to leave a comment.

No comments yet. Be the first to share your thoughts!

Related Skills

ECC

by affaan-m

The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.

213,760

build-your-own-openclaw Thinking_in_Java_MindMapping

A.R.I.A. (Aria) - Your AI Research Assistant

Downloads latest release

Aria is a Zotero plugin powered by Large Language Models (LLMs). A-R-I-A is the acronym of "AI Research Assistant" in reverse order.

Please make sure to choose the correct version based on your Zotero version:

Aria

Quickstart

The easist way to get started with Aria is to try one of the interactive prompts in the prompt library.

Prompt Library

Features

Use Drag-and-Drop to Reference Your Zotero Items and Collections

Drag and Drop

Autocompletion for Creators (Authors), Tags, Items and More

Autocompletion

Visual Analysis (GPT-4 Vision)

How to use Zotero area annotation to create a draggable area in PDF?

Visual Analysis

Save Chat as Notes and Annotations

Zotero and GPT Requirements

Please note separate releases are available for Zotero 6 and 7:
- Zotero 6: https://github.com/lifan0127/ai-research-assistant/releases/tag/0.8.0
- Zotero 7: https://github.com/lifan0127/ai-research-assistant/releases/tag/v0.7.4
Aria requires the OpenAI GPT-4 model family. (how can I access GPT-4?)
The visual analysis feature requires the preview access to the GPT-4 Vision model.

Installation

For a detailed walkthrough of the installation process, please check out: https://twitter.com/MushtaqBilalPhD/status/1735221900584865904 (credit: Mushtaq Bilal, PhD - Syddansk Universitet)

Download the latest release (.xpi file) from GitHub: https://github.com/lifan0127/ai-research-assistant/releases/latest
In Zotero select Tools from the top menu bar, and then click on Addons.
On the Add-ons Manager panel, click the gear icon at the top right corner and select Install Add-on From File
Select the .xpi file you just downloaded and click Open which will start the installation process.

Quickstart

By default, Aria can be activated by clicking the button on Zoterol toolbar or through the "Shift + R" shortcut.

Before using Aria, you need to provide an OpenAI API Key. Follow the in-app instruction to add a key and restart Zotero. (screenshots)

After restart, you should see the activated Aria window (as shown above) and can start using it through conversations.

Preferences

Aria is configurable through Edit > Preferences > Aria. Please note that some changes require Zotero restart.

Model Selection: Choose between the base GPT-4 model and the new GPT-4 Turbo model (Preview).
Zoom Level: Adjust the zoom level to fit your screen resolution
Keyboard shortcut: Change the keyboard shortcut combination to better fit your workflow.

Aria

Update

Aria can perform automatic update when internet access is available. To check for available update, select Tools from the top menu bar, and then click on Addons.
To manually update ARIA, click More under Aria and then click the gear icon at the top right corner. Select Check for Updates. (screenshots)

Limitations

The following are known limitations based on user feedback.

Currently Aria can query your Zotero library through the Zotero search API. The ability to query the Zotero SQLite database for document count and other metrics will be delivered in a future release.
Aria has limited awareness of your Zotero application state (selected item, current tab, highlighted text). However, you can use the drag-n-drop and the autocompeltion features to provide such context within your message.

Troubleshooting

Interaction with Zotero, in an open conversational manner and through a probabilistic model, can lead to many different, often unexpected outcomes. If you experience any error, please create an GitHub issue with a screenshot of the error message from your Aria chat window. Thank you!

"Agent stopped due to max iterations": For certain questions, the bot will make multiple API calls iteratively for response synthesis. Sometimes, it may fail to produce an answer before reaching the max iterations.
Aria tab not in Preferences panel: You may choose the Advanced tab in Preferences and open the Configuration Editor Under Advanced Configuration. From there, please search for "aria" and then double-click on the "extensions.zotero.aria.OPENAI_API_KEY" entry to add your OpenAI API Key.

Development

Refer to the Zotero Plugin Development guide to find instructions on how to setup the plugin in your local environment.

Feedback

You can now submit feedback and share your chat session to help improve Aria. Let's make Aria better together!

Visual Analysis