ClawHub

Zotero Cli

v0.1.0

Command-line interface for Zotero - search your Zotero library, add/edit notes, read attachments, and manage bibliographic references from the terminal.

0· 1.2k·3 current·3 all-time
byKGTAF@killgfat
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binaries (python3, zotcli/zotero-cli), pip/pipx install methods, and included helper scripts all align with a Zotero CLI tool. Required system access (Python, optional pandoc) is expected for this functionality.
Instruction Scope
SKILL.md and the scripts direct normal CLI actions: installing the package, running configuration (which prompts for Zotero userID/API key), searching, reading attachments, and backing up/restoring config. These instructions reference the expected config path (~/.config/zotcli/config.ini) and backup location (~/.zotero-cli-backups/) — this is coherent, but those scripts will read and store your API key and other config data, so review them before running to confirm behavior and permissions.
Install Mechanism
Install options are pip and pipx (pipx recommended) which are standard for Python CLIs. No downloads from untrusted URLs or obscure installers are specified. The README warns against dangerous pip flags (e.g., --break-system-packages).
Credentials
The skill requests no environment variables or external credentials in metadata. It legitimately requires the user to provide Zotero API credentials at runtime (via zotcli configure). No unrelated credentials or environment keys are requested by the skill.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request persistent platform privileges or modify other skills. Scripts may suggest adding cron jobs or PATH entries (user-controlled actions) but those are optional and expected for automation.
Assessment
This skill is internally consistent with a Zotero CLI: it uses Python and installs via pip/pipx, and includes helper scripts for searching, exporting, backup, and update checks. Before installing or running: 1) verify the upstream repository (the SKILL lists a GitHub homepage) and that the package on PyPI/GitHub matches what you expect; 2) inspect the scripts (setup_and_check.sh, backup_restore.sh, update_check.sh) because they can run installation and networking operations and backup your config — backup_restore.sh explicitly stores ~/.config/zotcli/config.ini which contains your Zotero userID/API key, so ensure backups are written to a secure location with restrictive permissions; 3) prefer pipx or a virtualenv rather than system pip, and avoid dangerous flags like --break-system-packages; 4) if you plan to automate (cron) or run update checks, review those scripts to confirm what network endpoints they contact (PyPI/GitHub are expected) and whether they perform upgrades automatically. If you want extra assurance, review the actual script contents (they're included) or run them in a disposable VM/container first.

Like a lobster shell, security has layers — review code before you run it.

latestvk973bv7p8s7r1mnfnphj0282f980vsx4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📚 Clawdis
Binspython3
Any binzotcli, zotero-cli

Comments