
Security audit

zotero-skills

Security checks across malware telemetry and agentic risk

Overview

This skill is a Zotero paper-saving helper whose credential use and Zotero writes are disclosed and aligned with its purpose, though users should handle the Zotero API key carefully.

Install only if you are comfortable giving the skill a Zotero API key. Use a minimally scoped Zotero key, keep ZOTERO_CREDENTIALS out of logs and shared shells, and expect runs to send the provided paper metadata, summaries, tags, and arXiv PDFs to Zotero.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 83%
Finding: The skill uses sensitive environment credentials and network access but does not explicitly declare those permissions, reducing transparency and preventing proper policy enforcement. Hidden or undeclared capabilities make it easier for a user or orchestrator to underestimate the risk of credential handling and outbound data transmission.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 91%
Finding: The documented purpose says the skill saves paper metadata to Zotero, but the detected behavior also includes searching by URL, downloading PDFs from arXiv, uploading attachments, and adding AI-generated notes. This broader behavior expands data handling and network activity beyond what a user would reasonably expect, increasing the risk of silent external transfers or unintended content ingestion using stored credentials.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.