Back to skill

Security audit

zotero-openclaw

Security checks across malware telemetry and agentic risk

Overview

This Zotero helper appears to save user-provided paper details, optional summaries, and arXiv PDFs to the user's Zotero library as intended.

Install this only if you want an agent-assisted tool to write to your Zotero library. Use a Zotero API key with the least permissions needed, review paper URLs and AI summaries before saving them, and install pyzotero from a trusted Python environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill requires access to environment-stored credentials and performs networked operations against Zotero, but the manifest does not explicitly declare corresponding permissions. This weakens transparency and reviewability: users and policy engines may not realize the skill can read secrets and send data externally, increasing the risk of unintended credential use or data exfiltration.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented purpose says the skill saves papers to Zotero, but the detected behavior goes further by querying existing library contents, attaching AI-generated notes, and downloading/uploading PDFs from external sources. This broader behavior materially changes the data handling and network risk profile, and users may provide credentials without understanding that the skill can fetch remote content and modify more than basic metadata.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.