v0.0.1

zotero-sholar

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:35 AM.

Analysis

The skill mostly matches its Zotero-saving purpose, but it uses a Zotero API key to write to your library and has weak URL validation before automatically downloading and uploading PDFs.

Guidance: Review this skill before installing. It appears purpose-aligned, but use a limited Zotero API key, only pass trusted paper URLs, and be aware that it can create Zotero items, notes, tags, and PDF attachments automatically. The PDF URL validation should be tightened before relying on it with untrusted metadata.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
scripts/save_paper.py
if 'arxiv.org' in args.url: ... urllib.request.urlretrieve(pdf_url, pdf_path) ... zot.attachment_simple([pdf_path], item_key)

A user-controlled URL triggers a network download and Zotero upload based only on a substring match, so a crafted URL containing 'arxiv.org' but pointing elsewhere could cause unintended content to be fetched and attached.

User impact: An agent or user could accidentally save a PDF from an unintended location into the Zotero account.
Recommendation: Validate the URL with a URL parser, require HTTPS, require the hostname to be exactly arxiv.org or a known arXiv host, and consider requiring an explicit flag or confirmation before downloading and uploading attachments.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
scripts/save_paper.py
dependencies = ["pyzotero>=1.6.0"]

The skill relies on uv to auto-install a version-ranged external dependency when the script is run.

User impact: Future runs may install a newer pyzotero release than the one originally reviewed.
Recommendation: Prefer a pinned dependency version or lockfile if reproducibility is important.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
SKILL.md
The `ZOTERO_CREDENTIALS` environment variable must be configured, in the format `userID:apiKey`

The skill requires a Zotero user ID and API key, which grants account-level API access needed to create library items.

User impact: Anyone or any agent with this environment variable can use the configured Zotero permissions to add items and attachments.
Recommendation: Use a Zotero API key with the minimum permissions needed, rotate it if exposed, and only enable the skill for agents you trust to modify your Zotero library.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
scripts/save_paper.py
note_template['note'] = f"<h3>AI 摘要</h3><p>{args.summary}</p>"

AI-generated or user-supplied summary text is saved as a persistent Zotero note.

User impact: Unreviewed summaries or instructions embedded in summaries can become persistent library content that may be read later by humans or other tools.
Recommendation: Review summaries before saving them, avoid including secrets, and sanitize or escape note content if it may come from untrusted sources.