Pyzotero

Pass. Audited by ClawScan on May 10, 2026.

Overview

This appears to be a Zotero management skill whose capabilities are disclosed up front, but it can read and modify your Zotero library and may use Zotero API credentials, so use write and delete commands carefully.

Install only if you want an agent to access your Zotero library. Start with read/search commands, use the least-privileged Zotero API key for online mode, and review any add, rename, remove, or delete command before allowing it to run.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent or user running the wrong command could add many unwanted records or delete/alter Zotero collections.

Why it was flagged

The skill explicitly exposes bulk-add and collection-deletion operations against the user's Zotero library. These are purpose-aligned but can materially change library data if invoked incorrectly.

Skill content

| Command | Description |
|---|---|
| `python3 scripts/zotero_tool.py add-from-json file.json` | **Batch add items** |
| ... | ... |
| `python3 scripts/zotero_tool.py collection-delete KEY -y` | **Delete collection** |

Recommendation

Use mutation commands only when explicitly intended, avoid `-y` unless you are sure, and confirm collection keys before deleting or renaming.

What this means

A Zotero API key may allow access to private library metadata/files and, depending on key permissions, may allow library changes.

Why it was flagged

Online mode reads Zotero account credentials from environment variables and uses them to access the Zotero Web API. This is expected for the stated integration and the artifacts do not show credential logging or unrelated transmission.

Skill content

```python
import os
from pyzotero import zotero  # imports are not in the scan excerpt; added here so the snippet reads as a complete fragment

# Credentials come from the environment, not from a file bundled with the skill
user_id = os.environ.get('ZOTERO_USER_ID')
api_key = os.environ.get('ZOTERO_API_KEY')
...
# The key's permissions (read-only vs. write) decide what this client can change
zot = zotero.Zotero(user_id, 'user', api_key)
```

Recommendation

Create the least-privileged Zotero API key needed, keep it out of shared shell history/configs where possible, and revoke it if no longer needed.

What this means

Installing an unpinned package may pull a newer dependency version than expected.

Why it was flagged

The skill asks users to install the unpinned `pyzotero` Python package. This is normal for the skill's purpose, but it means trust is delegated to the Python package source and the current package version.

Skill content

```shell
pipx install pyzotero
...
pip install --user pyzotero
```

Recommendation

Prefer pipx as documented, install from the official package source, and pin or review package versions in stricter environments.