Skill v1.0.3

ClawScan security

social media scholar (zotero) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 23, 2026, 3:38 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requirements, instructions, and included script are consistent with its stated purpose of extracting citations from social-media posts and saving items to a Zotero library.
Guidance
This skill appears coherent for saving papers to Zotero, but review these before installing:
- You must provide a Zotero library credential (library_id:api_key). Prefer creating a dedicated API key with limited permissions for this tool.
- On macOS the script reads the keychain entry 'openclaw-zotero'; on other OSs it reads ZOTERO_CREDENTIALS from the environment. Verify the key you store is correct and scoped appropriately.
- The skill (via instructions) will fetch and snapshot arbitrary URLs you provide. Only share links you trust; the agent will download content (e.g., arXiv PDFs) when saving attachments.
- Dependencies: install pyzotero in a trusted Python environment (pip install pyzotero). Review the included script if you want to confirm behavior (it performs Zotero API calls and PDF downloads but does not send data to unknown third-party endpoints).
- If you want stricter safety, run the script manually in a controlled environment or create a Zotero test account/library before granting access to your primary library.

Review Dimensions

Purpose & Capability
ok
The skill claims to extract paper metadata from social-media links and save it to Zotero; it requires Python and a Zotero credential and includes a script (save_paper.py) that uses pyzotero to create items and attach PDFs. The use of the macOS 'security' keychain and an environment-variable fallback (ZOTERO_CREDENTIALS) matches the described configuration options.
Instruction Scope
note
SKILL.md instructs the agent to fetch page content (via web_fetch or browser automation + snapshot) and optionally parse screenshots/OCR; that is appropriate for extracting citations but does grant the skill authority to access arbitrary user-shared URLs and page snapshots. The script itself only processes the provided metadata/URL and downloads PDFs (arXiv); it does not perform OCR. OCR and advanced scraping are described as agent actions rather than implemented in the script.
Install Mechanism
note
There is no automatic installer in the registry; the metadata recommends installing pyzotero via pip. Requiring a standard pip package (pyzotero) is proportional, but the user or host must install dependencies manually (pip install pyzotero). No downloads from untrusted URLs or archive extraction are present.
Credentials
ok
The skill only requests a single credential (ZOTERO_CREDENTIALS / keychain entry), which is necessary to write to a Zotero library. The credential format (library_id:api_key) is consistent with the script. No unrelated secrets or config paths are requested.
Persistence & Privilege
ok
The 'always' flag is false and the skill does not request elevated or permanent presence. 'disable-model-invocation' is false (normal). The skill does not modify other skills or system-wide settings.