ClawHub

Pyzotero

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Zotero library management skill, but users should handle Zotero API keys carefully and review write or delete commands before running them.

Install only if you are comfortable giving the tool access to your Zotero library. Prefer local mode when possible. For online mode, create a least-privilege Zotero API key, avoid storing it in shared dotfiles, do not echo it in terminals or logs, and review collection delete, rename, and bulk add commands before execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (8)

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The changelog explicitly documents use of `ZOTERO_API_KEY` and online mode but does not warn that the key is a secret or that queries and library metadata will be transmitted to Zotero's Web API over the network. In a skill context, users may copy-paste examples into shell profiles or shared environments, increasing the chance of credential leakage, accidental logging, or unintended remote data exposure.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The example instructs users to export a Zotero API key directly in the shell environment without any warning about secret sensitivity, shell history, shared terminals, or process/environment leakage. While common in quickstart docs, this can lead to accidental credential exposure in screenshots, terminal logs, shell history, CI logs, or multi-user systems.

Missing User Warnings

Low
Confidence
80% confidence
Finding
The troubleshooting section encourages echoing environment-derived values, including account identifiers, without caution about privacy or accidental disclosure. Although it does not print the API key itself in the shown lines, this normalizes secret/debug output patterns and may expose identifying information in shared terminals, logs, bug reports, or screenshots.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guide tells users to persist a private Zotero API key in shell startup files such as ~/.bashrc. That practice leaves long-lived credentials stored in plaintext on disk and automatically loaded into every shell session, increasing the chance of accidental disclosure through backups, dotfile syncing, shell debugging, process inheritance, or local compromise.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The uninstall section includes a recursive force-delete command targeting a path under /root without clearly warning that it permanently removes the entire skill directory. In administrative contexts, users may copy or adapt such commands carelessly, and small path mistakes with rm -rf can cause irreversible data loss.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The quickstart tells users to place a private Zotero API key into an environment variable but does not warn that shell commands may be stored in history, exposed to other local users via process inspection in some contexts, or accidentally persisted in profile files. This can lead to unintended credential disclosure and unauthorized access to the user's Zotero library through the Web API.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The document suggests adding common commands to `~/.bashrc` or `~/.zshrc` for convenience, while the nearby command list includes `ZOTERO_API_KEY`. Without a warning, users may persist a long-lived private API key in plaintext shell startup files, increasing the chance of compromise through backups, dotfile sync, local disclosure, or accidental sharing.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The README instructs users to export and use a Zotero Web API key but does not mention that the key is sensitive, should not be hardcoded, logged, committed, or shared. In a skill intended for automation and CLI use, this omission increases the chance of accidental credential exposure through shell history, screenshots, scripts, or repository files.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal