Skill v1.0.3
ClawScan security
zotero-pdf-upload · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 9, 2026, 4:59 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and credential needs align with its stated purpose (managing a Zotero web library and uploading PDFs); nothing in the bundle appears to request unrelated access or contact unexpected endpoints.
- Guidance: This skill appears coherent for managing a Zotero library. Before installing/using: (1) Prefer supplying the API key via environment variable (ZOTERO_API_KEY) or a secret file rather than passing it on the command line to setup.py, because setup.py will write the key into config.json if you provide it as an argument. (2) Be aware that resolving a username-based personal URL uses GET /keys/{apiKey}, which places the key in the request URL and may appear in server logs; create a least-privilege key that only grants the required permissions. (3) Review and keep config.json and any secret files protected on disk. (4) Network access to api.zotero.org is required; verify your environment's outbound rules if that matters.
Review Dimensions
- Purpose & Capability [ok]: Name/description (Zotero PDF upload + library management) matches the code and CLI: URL parsing, collection listing/matching, item creation, and optional PDF upload. The only credential requested is a Zotero API key (primaryEnv ZOTERO_API_KEY), which is appropriate for the stated integrations.
- Instruction Scope [note]: SKILL.md restricts operations to read-only inspection by default and requires explicit approval flags for writes/uploads. Runtime instructions reference only the skill directory config.json, Zotero API endpoints, and local PDF paths for attachments. One notable point: resolving a personal username URL uses GET https://api.zotero.org/keys/{apiKey}, which embeds the key in the URL (the SKILL.md correctly warns this may appear in server logs).
- Install Mechanism [ok]: No install spec; scripts are instruction-run Python files. Nothing is downloaded from arbitrary URLs and no archives are extracted. This is low-risk from an install perspective.
- Credentials [note]: The skill only requires a Zotero API key (ZOTERO_API_KEY) and a local config.json; that is proportionate. Caveat: the provided setup.py writes the API key into config.json by default if called with <URL> <API_KEY>, which may persist the key on disk. The SKILL.md recommends env/file precedence and not printing keys; follow that guidance (prefer env var or a secret file).
- Persistence & Privilege [ok]: always: false and user-invocable: true. The skill does not request persistent system-wide privileges or modify other skills. It writes/reads its own config.json in the skill root (expected behavior).
