Security audit

WoS Zotero Literature Hunter

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Zotero import helper for academic papers, with real credential-handling risks users should manage carefully.

Install only if you are comfortable letting the agent use an authenticated browser session and a Zotero API key that can write to your library. Use a dedicated Zotero key with the minimum permissions needed, avoid notes access unless required, prefer a safer secret-passing method if you modify the script, run with --dry-run first, and review the target collection name and paper list before importing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3 (Medium)
Category: MCP Least Privilege
Confidence: 90%
Finding: The skill instructs use of both shell execution and network access, including passing a Zotero API key on the command line and making requests to external services. Because no permissions are explicitly declared, users and policy systems may not get an accurate warning about these capabilities, increasing the chance of unintended execution with sensitive credentials or outbound data transfer.

Tp4 (High)
Category: MCP Tool Poisoning
Confidence: 95%
Finding: The documented behavior does not accurately match the implemented workflow: it claims a WoS search-and-filter skill, but also relies on an external enrichment service and an import script that can process externally supplied data. This mismatch undermines informed consent and security review, because users may approve the skill expecting only WoS browsing while it also performs additional network operations and data handling with privileged Zotero credentials.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.