Security audit

zotero-pdf-upload

Security checks across malware telemetry and agentic risk

Overview

This Zotero skill does what it claims, but users should handle its Zotero API key carefully because setup can store it locally in plaintext.

Install only if you are comfortable giving the skill Zotero library access. Prefer setting ZOTERO_API_KEY or using a protected secret file instead of storing the key inline, create a least-privilege Zotero key, and review each write command before approving collection, item, or PDF upload changes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The setup script accepts a Zotero API key on the command line and writes it directly into config.json in plaintext. This creates a real credential exposure risk because command-line arguments may be visible in shell history or process listings, and the resulting file can be accidentally committed, copied, or read by other local users.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal