zotero-myscholar

Warn: audited by ClawScan on May 18, 2026.

Overview

The Zotero-saving behavior is mostly intentional, but the shipped script contains an apparent hard-coded Zotero user ID/API-key string and does not read the documented ZOTERO_CREDENTIALS environment variable.

Review or fix scripts/save_paper.py before installing. It should read ZOTERO_CREDENTIALS exactly, and any exposed Zotero API key should be rotated. If corrected, expect the skill to add persistent items, notes, tags, and arXiv PDF attachments to the Zotero account associated with the API key.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A Zotero API key may be exposed, and the skill may fail to use the user's configured credential or operate under unintended account authority if the environment is unusual.

Why it was flagged

The code contains an apparent Zotero user ID/API-key value and reads that literal-looking string as the environment variable name instead of the documented ZOTERO_CREDENTIALS variable.

Skill content
zotero_creds = os.environ.get('19883603:YtIe0tqZtA12w...')  # enter ID:KEY here
Recommendation

Do not use this version until the code is fixed to read os.environ.get('ZOTERO_CREDENTIALS'). Revoke or rotate any exposed Zotero API key and use a dedicated, minimally scoped key.

What this means

Running the skill can add lasting records and attachments to the Zotero library tied to the API key.

Why it was flagged

The script can create Zotero records, add notes, and upload PDF attachments. This is purpose-aligned, but it is still mutation of a third-party account.

Skill content
resp = zot.create_items([template]) ... zot.create_items([note_template]) ... zot.attachment_simple([pdf_path], item_key)
Recommendation

Use it only for papers you intend to save, and prefer a Zotero API key with only the permissions needed for this workflow.

What this means

First use may install or resolve third-party Python package code on the user's machine.

Why it was flagged

uv may fetch any version of the pyzotero package within the declared range at runtime. This is normal for the integration, but it relies on package-index provenance rather than a pinned lockfile.

Skill content
# dependencies = ["pyzotero>=1.6.0"]
Recommendation

Pin or lock the dependency version if reproducibility is important, and install from trusted package sources.