Skill v0.1.0
ClawScan security
Zotero Cli · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 11, 2026, 9:28 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's declared purpose (a Zotero command-line client) matches the files, install methods, and runtime instructions; nothing requests unrelated credentials or surprising system access, though you should review the scripts that read and store your Zotero API key and consider your installation choices.
- Guidance: This skill is internally consistent with a Zotero CLI: it uses Python, installs via pip/pipx, and includes helper scripts for searching, exporting, backup, and update checks. Before installing or running:
  1. Verify the upstream repository (the SKILL lists a GitHub homepage) and that the package on PyPI/GitHub matches what you expect.
  2. Inspect the scripts (setup_and_check.sh, backup_restore.sh, update_check.sh), because they can run installation and networking operations and back up your config. backup_restore.sh explicitly stores ~/.config/zotcli/config.ini, which contains your Zotero userID/API key, so ensure backups are written to a secure location with restrictive permissions.
  3. Prefer pipx or a virtualenv rather than system pip, and avoid dangerous flags like --break-system-packages.
  4. If you plan to automate (cron) or run update checks, review those scripts to confirm which network endpoints they contact (PyPI/GitHub are expected) and whether they perform upgrades automatically.
  If you want extra assurance, review the actual script contents (they're included) or run them in a disposable VM/container first.
Review Dimensions
- Purpose & Capability (ok): Name/description, required binaries (python3, zotcli/zotero-cli), pip/pipx install methods, and the included helper scripts all align with a Zotero CLI tool. The required system access (Python, optional pandoc) is expected for this functionality.
- Instruction Scope (note): SKILL.md and the scripts direct normal CLI actions: installing the package, running configuration (which prompts for the Zotero userID/API key), searching, reading attachments, and backing up/restoring config. These instructions reference the expected config path (~/.config/zotcli/config.ini) and backup location (~/.zotero-cli-backups/). This is coherent, but those scripts will read and store your API key and other config data, so review them before running to confirm their behavior and the permissions they set.
- Install Mechanism (ok): Install options are pip and pipx (pipx recommended), which are standard for Python CLIs. No downloads from untrusted URLs or obscure installers are specified. The README warns against dangerous pip flags (e.g., --break-system-packages).
- Credentials (ok): The skill requests no environment variables or external credentials in its metadata. It legitimately requires the user to provide Zotero API credentials at runtime (via zotcli configure). No unrelated credentials or environment keys are requested by the skill.
- Persistence & Privilege (ok): `always` is false and the skill is user-invocable. It does not request persistent platform privileges or modify other skills. Scripts may suggest adding cron jobs or PATH entries (user-controlled actions), but those are optional and expected for automation.
