Back to skill

Security audit

Zotero Citation / 文献引用助手

Security checks across malware telemetry and agentic risk

Overview

This skill has no harmful code, but its Zotero purpose is undermined by generic upsell content and unrelated affiliate promotions.

Review this carefully before installing: it does not appear to execute malicious code, and VirusTotal/static scans are clean, but it reads more like promotional material than a functional Zotero skill. Avoid clicking the unrelated commercial links unless you independently trust them, and expect little actual citation-management capability from this version.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill documentation includes unrelated affiliate-style promotions for VPS hosting and stock/crypto trading, which are outside the declared Zotero citation-management purpose. This creates a supply-chain trust issue: users may be socially engineered into visiting external commercial links from within a developer tool context, and the mismatch strongly suggests the skill is being used to distribute advertising rather than only its stated functionality.

Description-Behavior Mismatch

Low
Confidence
82% confidence
Finding
The documentation contains generic upsell language for paid tiers, AI agents, and enterprise offerings that exceeds the stated scope of a Zotero citation skill. While less severe than the unrelated affiliate links, this still degrades trust and can mislead users about the skill's purpose, increasing the likelihood that a seemingly simple skill is being used as a marketing vehicle.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.