Skill v1.0.0

ClawScan security

Zotero Manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Apr 16, 2026, 12:23 PM)

Verdict: Benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's files and runtime instructions are consistent with a Zotero integration: it reads a Zotero API key from a config file or env var and talks to local (localhost) and official Zotero endpoints; nothing appears to request unrelated credentials or contact unexpected external hosts.
Guidance
This skill appears to do what it says: it needs a Zotero API key (or the Zotero local API enabled) and will read that key from ~/.config/zotero (or from the ZOTERO_API_KEY env var) and call the Zotero APIs, including local localhost:23119 and official Zotero domains. Before installing:
(1) Verify you are comfortable storing a Zotero API key in your home config directory or env var; use a read-only token (Read Library) as recommended.
(2) Inspect and, if desired, remove or update the hardcoded Windows workspace path references in the scripts so they don't point to another user's directory.
(3) Confirm you trust the author/source (the homepage is missing).
If you have any doubt, review the three Python files (zotero_search.py, zotero_import.py, zotero_diagnose.py) locally before running and rotate your Zotero token after testing. If you want the metadata to be more transparent, ask the publisher to declare the expected env var (ZOTERO_API_KEY) and config-file locations in the registry metadata.

Review Dimensions

Purpose & Capability: ok
Name, description, SKILL.md and the Python scripts all implement Zotero operations (search, DOI import, collection lookup). The network calls are to translate.zotero.org, api.zotero.org and localhost (Zotero local API), which align with the declared purpose. Minor mismatch: SKILL metadata labels the skill as 'instruction-only' but several code files are present; functionally this is coherent, but the metadata could be more accurate.

Instruction Scope: ok
Runtime instructions and code limit themselves to reading Zotero configuration files, local Zotero service endpoints (localhost:23119) and official Zotero web APIs. The SKILL.md explicitly instructs how to obtain and store an API key and to use the official API. The scripts do access local config paths (home dir and a Windows workspace path) and will make outbound HTTPS requests to Zotero domains — these actions are expected for the stated functionality.

Install Mechanism: ok
No install spec or remote downloads are present; the skill ships scripts and docs in the bundle. No third-party package fetches or archive extraction from untrusted URLs are used. This is low-install-risk.

Credentials: note
The skill does not declare required environment variables in metadata, but the code reads an API key from ~/.config/zotero/api_key (or a workspace path) and from ZOTERO_API_KEY. This is proportionate to the functionality, but the metadata should document the env var / config-file expectation. Also note leftover hardcoded workspace path(s) (e.g., D:\Personal\OpenClaw\.config\zotero\api_key) included in the search code: harmless but unnecessary and potentially confusing.

Persistence & Privilege: ok
The skill does not request always:true and does not autonomously persist itself or modify other skills. It reads user config files and can prompt users to save API keys in ~/.config; it does not create system-level services or modify unrelated agent settings.