Skill v1.0.2
ClawScan security
arXiv to Zotero · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 17, 2026, 7:30 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's declared purpose (finding arXiv papers and importing new ones into Zotero) matches the files, runtime instructions, and required credentials; the requested access is proportionate, and there is no installation or network behavior that contradicts the description.
- Guidance: The skill appears coherent: it asks for a Zotero API key and then runs the bundled Python script once to search arXiv and create new Zotero items, attempting to attach PDFs fetched with curl. Before installing:
  1. Confirm you are comfortable granting a Zotero API key. Create a key scoped to the minimal permissions the skill needs, and revoke it once you no longer use the skill.
  2. Review the bundled script (scripts/main.py) if you want to audit its exact network calls and file writes.
  3. Be aware that the skill writes setup state to ~/.openclaw/config/skills/arxiv-to-zotero.setup.json and may write non-secret defaults into its own config.json.
  4. Run it first with a small import cap (config.import_policy.max_new_items) or a dry run to verify behavior before importing at scale.
  5. If you do not want the agent to invoke the skill on its own, disable autonomous invocation in your agent settings.
Review Dimensions
- Purpose & Capability: ok. Name/description (arXiv → Zotero) align with the required binaries (python3, curl), the single required environment variable (ZOTERO_API_KEY), the included script (scripts/main.py), and the documented behavior (search arXiv, dedupe against Zotero, create a collection, upload PDFs). A Zotero API key is the expected credential for this function.
- Instruction Scope: ok. SKILL.md instructs the agent to collect keywords and a time range, build a single arXiv query, and invoke the bundled script once. It restricts external network targets to arXiv, arXiv PDF URLs, and the Zotero API, and documents the read/write paths (config.json, ~/.openclaw/.env, the setup-state file). The instructions do not ask the agent to read unrelated local files or send secrets to third-party endpoints.
- Install Mechanism: ok. No install spec is provided (instruction-only with a bundled script), so nothing is downloaded or executed at install time; at run time the only code that runs is the included Python script and the curl subprocess it spawns to fetch PDFs. Because the script ships inside the package, what you review is what runs.
- Credentials: ok. Only ZOTERO_API_KEY is required, and it is declared as the primary credential, a proportionate requirement for writing to a Zotero account. SKILL.md/setup.md describe where to put the key (~/.openclaw/.env); the other Zotero config values are non-secret and stored in config.json. No unrelated credentials are requested.
- Persistence & Privilege: ok. always:false (not force-included). The skill writes a per-skill setup-state file and may update its own config.json; it does not request system-wide privileges or modify other skills. Autonomous invocation (disable-model-invocation:false) is the platform default and is not by itself a problem.
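The guidance recommends reading scripts/main.py to audit its exact network calls and file writes, and the Instruction Scope dimension states what SKILL.md declares: network targets limited to arXiv, arXiv PDF URLs and the Zotero API, and writes limited to config.json, ~/.openclaw/.env and the setup-state file. The following is an added example of doing that audit mechanically rather than by eye. It is not ClawHub's scanner and not the skill's own code: it parses a script's AST, collects every hostname found in a URL literal, every subprocess or os.system invocation, and every file opened for writing (resolving one level of NAME = path indirection), and diffs the result against the declared allowlist. The allowlist domains (arxiv.org, zotero.org), the write-path markers, and both sample scripts are assumptions constructed for this example; the second sample deliberately adds an undeclared endpoint and write so the check has something to flag, and says nothing about the real scripts/main.py.

```python
"""Added example: static audit of a bundled skill script against its SKILL.md
declarations. Not ClawHub's scanner and not the skill's own code."""
import ast
import re
from urllib.parse import urlparse

# Assumptions: the declared targets (arXiv, arXiv PDF URLs, Zotero API) live under
# these domains, and the declared write paths are the skill's config.json plus
# files under ~/.openclaw/ (.env and the setup-state file).
ALLOWED_HOST_SUFFIXES = ("arxiv.org", "zotero.org")
ALLOWED_WRITE_MARKERS = ("config.json", "~/.openclaw/")
SUBPROCESS_FUNCS = {"subprocess.run", "subprocess.Popen", "subprocess.call",
                    "subprocess.check_call", "subprocess.check_output", "os.system"}
URL_RE = re.compile(r"https?://[^\s'\"<>]+")


def _dotted(node):
    """Render a call target such as subprocess.run as a dotted name ('' if dynamic)."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted(node.value)
        return f"{base}.{node.attr}" if base else node.attr
    return ""


class SkillAuditor(ast.NodeVisitor):
    """Collect URL hosts, subprocess calls, file writes and simple name bindings."""

    def __init__(self):
        self.hosts, self.subprocess_calls, self.file_writes, self.bindings = set(), [], [], {}

    def visit_Assign(self, node):
        # Remember NAME = <expr> so open(NAME, "w") can be shown as its path expression.
        for target in node.targets:
            if isinstance(target, ast.Name):
                self.bindings[target.id] = ast.unparse(node.value)
        self.generic_visit(node)

    def visit_Constant(self, node):
        if isinstance(node.value, str):
            for url in URL_RE.findall(node.value):
                host = urlparse(url).hostname
                if host:
                    self.hosts.add(host)

    def visit_Call(self, node):
        name = _dotted(node.func)
        if name in SUBPROCESS_FUNCS:
            self.subprocess_calls.append(ast.unparse(node))
        elif name == "open" and node.args:
            mode = next((kw.value for kw in node.keywords if kw.arg == "mode"),
                        node.args[1] if len(node.args) > 1 else None)
            mode_str = str(mode.value) if isinstance(mode, ast.Constant) else ""
            if any(ch in mode_str for ch in "wax+"):  # anything but a pure read
                self.file_writes.append(ast.unparse(node.args[0]))
        elif isinstance(node.func, ast.Attribute) and node.func.attr in ("write_text", "write_bytes"):
            self.file_writes.append(ast.unparse(node.func.value))
        self.generic_visit(node)


def audit(source):
    """Return hosts, subprocess calls and write targets found in the script source."""
    auditor = SkillAuditor()
    auditor.visit(ast.parse(source))
    return {"hosts": sorted(auditor.hosts),
            "subprocess_calls": auditor.subprocess_calls,
            "file_writes": [auditor.bindings.get(t, t) for t in auditor.file_writes]}


def undeclared_hosts(report):
    """Hosts that are neither an allowed domain nor a subdomain of one."""
    return sorted(h for h in report["hosts"]
                  if not any(h == s or h.endswith("." + s) for s in ALLOWED_HOST_SUFFIXES))


def undeclared_writes(report):
    """Write targets whose path expression mentions none of the declared locations."""
    return [t for t in report["file_writes"] if not any(m in t for m in ALLOWED_WRITE_MARKERS)]


# Constructed stand-in mirroring the declared behaviour; NOT the skill's scripts/main.py.
SAMPLE_SCRIPT = '''
import json, os, subprocess, urllib.request
ARXIV_API = "https://export.arxiv.org/api/query"
PDF_BASE = "https://arxiv.org/pdf/"
ZOTERO_API = "https://api.zotero.org"
STATE = os.path.expanduser("~/.openclaw/config/skills/arxiv-to-zotero.setup.json")
def search(query):
    return urllib.request.urlopen(ARXIV_API + "?search_query=" + query).read()
def fetch_pdf(arxiv_id, dest):
    subprocess.run(["curl", "-sSL", "-o", dest, PDF_BASE + arxiv_id], check=True)
def save_state(state):
    with open(STATE, "w") as fh:
        json.dump(state, fh)
with open("config.json") as fh:
    cfg = json.load(fh)
'''

# Second constructed fragment with one undeclared endpoint and one undeclared write,
# included only to show what a failing check looks like.
DRIFT_FRAGMENT = SAMPLE_SCRIPT + '''
def report_usage(count):
    urllib.request.urlopen("https://metrics.example.net/ping", data=str(count).encode())
    open(os.path.expanduser("~/.cache/arxiv-history.txt"), "a").write(str(count))
'''
```

Run audit() on the real file contents (open("scripts/main.py").read()) and treat any non-empty undeclared_hosts() or undeclared_writes() result, or a subprocess call that is not the documented curl fetch, as a reason to read that code path by hand before installing. The check is deliberately static and conservative: it only sees hosts that appear as literals, so a script that builds URLs from config or environment values will show up with an empty host list rather than a clean one, and an empty list is not a pass.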
