suspicious.destructive_delete_command
- Location
- INSTALL.md:391
- Finding
- Documentation contains a destructive delete command without an explicit confirmation gate.
Advisory. Audited by static analysis on May 10, 2026.
Detected: suspicious.destructive_delete_command
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent or user running the wrong command could add many unwanted records or delete/alter Zotero collections.
The skill explicitly exposes bulk-add and collection-deletion operations against the user's Zotero library. These are purpose-aligned but can materially change library data if invoked incorrectly.
`python3 scripts/zotero_tool.py add-from-json file.json` | **Bulk-add items** ... `python3 scripts/zotero_tool.py collection-delete KEY -y` | **Delete collection**
Use mutation commands only when explicitly intended, avoid '-y' unless you are sure, and confirm collection keys before deleting or renaming.
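The finding above is about the absence of an explicit confirmation gate in front of `collection-delete ... -y`. The following is an added example of what such a gate can look like; it is not code from the skill, and the sub-command names other than `collection-delete`, the `target_description` parameter and the `is_refused` helper are assumptions made for this illustration. The gate refuses malformed keys outright, requires the operator to re-type the exact collection key rather than a bare `y`, and only honours `-y` when the target has actually been resolved and shown.

```python
import re
from typing import Callable

# Zotero item and collection keys are 8 uppercase alphanumeric characters.
ZOTERO_KEY_RE = re.compile(r"^[A-Z0-9]{8}$")

# Sub-commands treated as destructive. Names other than collection-delete are
# assumed for this example; they are not taken from the skill's own CLI.
DESTRUCTIVE_ACTIONS = {"collection-delete", "collection-rename", "item-delete"}


class RefusedError(RuntimeError):
    """The destructive operation was not explicitly confirmed."""


def confirm_destructive(action: str, key: str, target_description: str,
                        assume_yes: bool = False,
                        read_input: Callable[[str], str] = input) -> bool:
    """Gate a mutating sub-command behind an explicit, hard-to-fat-finger confirmation.

    Rules:
      * non-destructive actions pass without a prompt;
      * a malformed key is refused before anything is prompted or sent;
      * interactively, the operator must re-type the exact key ('y'/'yes' are
        not accepted, so a stray keypress cannot confirm a deletion);
      * with -y the gate still insists that the target was resolved and shown
        (non-empty description), so -y is never applied to an unknown key.
    """
    if action not in DESTRUCTIVE_ACTIONS:
        return True
    if not ZOTERO_KEY_RE.fullmatch(key):
        raise RefusedError(f"{action}: '{key}' is not a well-formed Zotero key")
    if assume_yes:
        if not target_description:
            raise RefusedError(f"{action} {key}: -y refused, target was not resolved")
        return True
    prompt = (f"{action} will permanently affect {key} ({target_description}). "
              f"Type the key exactly to confirm: ")
    if read_input(prompt).strip() != key:
        raise RefusedError(f"{action} {key}: cancelled, confirmation did not match")
    return True


def is_refused(action: str, key: str, target_description: str, **kwargs) -> bool:
    """True if the gate refuses the operation; convenient for dry runs and tests."""
    try:
        return not confirm_destructive(action, key, target_description, **kwargs)
    except RefusedError:
        return True


if __name__ == "__main__":
    # A stray 'y' does not delete anything; re-typing the exact key does.
    print(is_refused("collection-delete", "ABCD1234", "My Papers",
                     read_input=lambda _: "y"))
    print(confirm_destructive("collection-delete", "ABCD1234", "My Papers",
                              read_input=lambda _: "ABCD1234"))
```

In a wrapper around `zotero_tool.py` the call to `confirm_destructive` would sit between argument parsing and the API call, with `target_description` filled from a read-only lookup of the collection (its name and item count) so the operator confirms a named object rather than an opaque key.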
A Zotero API key may allow access to private library metadata/files and, depending on key permissions, may allow library changes.
Online mode reads Zotero account credentials from environment variables and uses them to access the Zotero Web API. This is expected for the stated integration and the artifacts do not show credential logging or unrelated transmission.
```python
import os
from pyzotero import zotero

# Credentials are read from the environment, not hard-coded or passed on the command line.
user_id = os.environ.get('ZOTERO_USER_ID')
api_key = os.environ.get('ZOTERO_API_KEY')
...
# Personal library ('user'); the key's own permissions bound what this client can do.
zot = zotero.Zotero(user_id, 'user', api_key)
```

Create the least-privileged Zotero API key needed, keep it out of shared shell history and config files where possible, and revoke it when it is no longer needed.
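Zotero API keys carry per-key permissions (read vs. write on the personal library, attachment file access, group access), so "least privilege" here is checkable rather than aspirational. The following added example, which is not part of the skill, audits a key's permissions against what a given task needs and shows a fail-closed way of reading the same two environment variables. The key-info document is a constructed sample shaped like the response of `GET https://api.zotero.org/keys/<key>` (which pyzotero exposes as `Zotero.key_info()`); its field layout is assumed from the public API documentation and the values are invented and deliberately over-privileged.

```python
import json
import os
from typing import Dict, List, Mapping, Tuple

# Constructed sample of the key-info document for GET /keys/<key>.
# Field layout assumed from the Zotero Web API docs; values are invented.
SAMPLE_KEY_INFO = json.loads("""
{
  "key": "REDACTED",
  "userID": 1234567,
  "username": "example-user",
  "access": {
    "user":   {"library": true, "files": true, "notes": true, "write": true},
    "groups": {"all": {"library": true, "write": true}}
  }
}
""")


def load_credentials(env: Mapping[str, str] = os.environ) -> Tuple[str, str]:
    """Read the same two variables the skill uses, failing closed when either is absent."""
    user_id = env.get("ZOTERO_USER_ID", "")
    api_key = env.get("ZOTERO_API_KEY", "")
    missing = [name for name, value in (("ZOTERO_USER_ID", user_id),
                                        ("ZOTERO_API_KEY", api_key)) if not value]
    if missing:
        raise EnvironmentError("missing Zotero credentials: " + ", ".join(missing))
    return user_id, api_key


def mask_key(api_key: str) -> str:
    """Render a key for logs or prompts without leaking it (first 4 chars only)."""
    return api_key[:4] + "*" * max(len(api_key) - 4, 0)


def audit_key_permissions(key_info: Dict, *, needs_write: bool = False,
                          needs_files: bool = False,
                          needs_groups: bool = False) -> List[str]:
    """Compare what the key can do against what the task needs; return excess grants."""
    access = key_info.get("access", {})
    user = access.get("user", {})
    groups = access.get("groups", {})
    excess: List[str] = []
    if user.get("write") and not needs_write:
        excess.append("personal library: write access granted to a read-only task")
    if user.get("files") and not needs_files:
        excess.append("personal library: attachment file access not needed")
    if groups and not needs_groups:
        excess.append(f"groups: access to {', '.join(groups)} not needed")
    elif needs_groups and not needs_write:
        for group_id, perms in groups.items():
            if perms.get("write"):
                excess.append(f"group {group_id}: write access granted to a read-only task")
    return excess


if __name__ == "__main__":
    # A search-only session should not be handed a key that can also delete collections.
    for finding in audit_key_permissions(SAMPLE_KEY_INFO):
        print("excess:", finding)
    print("no excess for a full read/write task:",
          audit_key_permissions(SAMPLE_KEY_INFO, needs_write=True,
                                needs_files=True, needs_groups=True) == [])
```

In practice the key-info document would come from `zot.key_info()` after `load_credentials()`, and a non-empty result from `audit_key_permissions` is the cue to mint a narrower key before giving the agent access. Because the skill's bulk-add and delete operations genuinely need write access, the useful split is two keys: a read-only one for search and export sessions, and a write-capable one that is only loaded when a mutation is intended.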
Installing an unpinned package may pull a newer dependency version than expected.
The skill asks users to install the unpinned 'pyzotero' Python package. This is normal for the skill's purpose, but it means trust is delegated to the Python package source and current package version.
`pipx install pyzotero` ... `pip install --user pyzotero`
Prefer pipx as documented, install from the official package source, and pin or review package versions in stricter environments.
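Pinning "in stricter environments" means two things for pip: an exact `==` version and a `--hash` so that `pip install --require-hashes` rejects anything that differs from the reviewed artifact. The following added example, not part of the skill, audits a requirements file for both properties and builds a hash-locked line from a downloaded artifact (for instance the output of `pip download`). The requirements texts are constructed; the version `1.0.0` and the all-zero digest are placeholders, not a real pyzotero release.

```python
import hashlib
import re
from pathlib import Path
from typing import Iterator, List

# Constructed requirements texts: the unpinned spec the skill documents, next to
# a pinned and hash-locked line (placeholder version and digest).
UNPINNED = "pyzotero\n"
PINNED = (
    "pyzotero==1.0.0 \\\n"
    "    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000\n"
)

_NAME_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*(.*)$")


def logical_lines(text: str) -> Iterator[str]:
    """Join backslash-continued lines and drop comments, as pip does."""
    buf: List[str] = []
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()
        if line.endswith("\\"):
            buf.append(line[:-1].strip())
            continue
        buf.append(line.strip())
        yield " ".join(part for part in buf if part)
        buf = []
    if buf:
        yield " ".join(part for part in buf if part)


def audit_requirements(text: str) -> List[str]:
    """Return one message per requirement that is not exactly pinned or not hash-locked."""
    problems: List[str] = []
    for line in logical_lines(text):
        if not line or line.startswith("-"):   # pip options such as -r or --index-url
            continue
        match = _NAME_RE.match(line)
        if not match:
            problems.append(f"unparsed line: {line!r}")
            continue
        name, rest = match.group(1), match.group(3)
        specifier = rest.split("--hash", 1)[0]
        if "==" not in specifier:
            problems.append(f"{name}: no exact version pin (==)")
        if "--hash=sha256:" not in rest:
            problems.append(f"{name}: no --hash, cannot be installed with --require-hashes")
    return problems


def pinned_line_from_bytes(name: str, version: str, artifact: bytes) -> str:
    """Build the line pip accepts under --require-hashes for a downloaded wheel or sdist."""
    digest = hashlib.sha256(artifact).hexdigest()
    return f"{name}=={version} --hash=sha256:{digest}"


def pinned_line(name: str, version: str, artifact_path: str) -> str:
    """Same as pinned_line_from_bytes for a file on disk (e.g. output of `pip download`)."""
    return pinned_line_from_bytes(name, version, Path(artifact_path).read_bytes())


if __name__ == "__main__":
    print("unpinned:", audit_requirements(UNPINNED))
    print("pinned:  ", audit_requirements(PINNED))
    # Placeholder artifact bytes; a real run would hash the downloaded wheel.
    print(pinned_line_from_bytes("pyzotero", "1.0.0", b"abc"))
```

The digest in a real lock line must be computed from the artifact you reviewed (`pip download pyzotero==<version>` into an empty directory, then `pinned_line` on the file), not copied from a web page; `pip install --require-hashes -r requirements.txt` then refuses any substitute, which is the property the unpinned `pip install --user pyzotero` lacks.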