Security audit

arXiv to Zotero

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it searches arXiv and imports new papers into Zotero using a disclosed Zotero API key, with no hidden unrelated behavior found.

Install only if you want this skill to create Zotero items, attachments, and an arxiv-to-zotero collection. Use a minimally scoped Zotero API key, keep ~/.openclaw/.env private, and avoid setting run.export_summary_path to a shared location because summaries may reveal your research topics and Zotero import details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 94%
Finding:
The skill performs sensitive actions—reading environment secrets, reading and writing local files, making network requests, and invoking a shell command—yet it does not declare explicit permissions. This creates a transparency and policy-enforcement gap: users and the hosting platform may not realize the full capability surface, especially because the skill can access `ZOTERO_API_KEY`, write setup state, and trigger external network/API operations.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding:
The skill can write a detailed JSON summary to an arbitrary configured path, including queries, paper metadata, import results, cache details, and possibly operational errors. In this skill context, those records may reveal a user's research interests, Zotero item keys, and workflow behavior to other local users or processes if stored insecurely.

Missing User Warnings

Severity: Medium
Confidence: 85%
Finding:
The setup guide instructs the operator to store a live Zotero API key in a local plaintext env file, but provides no warning that this is a sensitive credential or guidance on limiting file permissions and avoiding accidental disclosure. That increases the chance of credential leakage through backups, logs, screen sharing, or overly broad filesystem access, even though storing secrets locally is sometimes operationally necessary.

VirusTotal

67/67 vendors flagged this skill as clean.
