Back to skill

Security audit

zotero-scholar-finder

Security checks across malware telemetry and agentic risk

Overview

This Zotero helper does what it says overall, but users should understand that it can write to their Zotero library and may automatically attach arXiv PDFs.

Install only if you are comfortable giving the skill a Zotero API key that can add items to your library. Use the narrowest Zotero API permissions practical, keep ZOTERO_CREDENTIALS out of shared files and logs, and be aware that arXiv links may cause the skill to download the PDF and upload it as an attachment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
81% confidence
Finding
The skill declares only runtime requirements in metadata but does not explicitly communicate or constrain that it will access environment secrets and make network requests. This weakens transparency and reviewability, making it easier for users or calling agents to grant broader capabilities than they realize, especially when credentials are involved.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The documented purpose is saving papers to Zotero, but the described behavior also includes duplicate-check queries, AI-summary note creation, automatic PDF download from arXiv, and attachment upload. Hidden or under-disclosed behavior is dangerous because it expands data collection and network activity beyond user expectations, potentially ingesting untrusted files and uploading more content to a third-party service than the user intended.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation instructs users to place Zotero API credentials in an environment variable but provides no warning about secret sensitivity, storage, logging, or scope. This increases the risk of accidental credential exposure through shell history, debug output, screenshots, shared environments, or overprivileged API keys.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.