ClawHub

zotero-openclaw

v1.0.0

将论文保存到 Zotero 文库,请按照 userid:apiKey 的格式配置 ZOTERO_CREDENTIALS 环境变量。

0· 185·0 current·0 all-time
bywangjiayu@little-cat1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill is named and described as a Zotero paper-saver, requires Python and a ZOTERO_CREDENTIALS environment variable, and the included script uses pyzotero and that credential to write to Zotero — this is proportionate and expected.
Instruction Scope
SKILL.md directs the agent to run the provided Python script and to install pyzotero; the script only reads ZOTERO_CREDENTIALS and the CLI args, checks Zotero for duplicates, creates items/notes, and optionally downloads PDFs from arXiv. It does not read other environment variables or unrelated system files.
Install Mechanism
There is no automated install spec; the skill is instruction-only and asks the user to pip install pyzotero. No downloads from untrusted URLs or archive extraction are present in the package.
Credentials
Only ZOTERO_CREDENTIALS (userid:apiKey) is required and is the primary credential; this is appropriate for writing to a Zotero account. No unrelated secrets or config paths are requested.
Persistence & Privilege
always is false and the skill doesn't modify other skills or system configs. The skill can be invoked autonomously per platform default; this is normal but means it could write to your Zotero when invoked.
Assessment
This skill appears to do what it says: it uses the ZOTERO_CREDENTIALS you provide to add items (and optionally attach PDFs downloaded from arXiv) to your Zotero library. Before installing or using it: (1) treat your ZOTERO_CREDENTIALS like a secret — use a Zotero API key with the minimum needed scope (if possible) rather than a full master key; (2) review the script yourself (it is short and included) if you have any doubts; (3) be aware the agent can be invoked to run this skill and will then perform writes to your Zotero account; and (4) when supplying URLs ensure they are trustworthy (the script will download PDFs from the provided URL). If you want extra safety, create a limited-scope Zotero API key or run the script manually rather than allowing autonomous agent invocation.

Like a lobster shell, security has layers — review code before you run it.

latestvk970nej48d6a272sd3nm8kk835838zz5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📚 Clawdis
Binspython
EnvZOTERO_CREDENTIALS
Primary envZOTERO_CREDENTIALS

Comments