Security audit

Local PDF Import into Zotero Library

Security checks across malware telemetry and agentic risk

Overview

This appears to be a disclosed Zotero PDF import helper, with caution needed around automatic dependency installation and Zotero library changes.

Install only if you are comfortable enabling Zotero local app communication and letting the agent add selected PDFs to your library. Verify the Zotero port, target collection, folder path, and recursive setting before running imports. For tighter control, preinstall the requests package yourself in a virtual environment and avoid sharing check-command output if document titles or local paths are sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
print("dep_requests=missing")
if args.auto_install_deps:
    print("dep_requests=installing")
    r = subprocess.run([sys.executable, "-m", "pip", "install", "requests>=2.31.0"], capture_output=True, text=True)
    if r.returncode != 0:
        print("dep_requests=install_failed")
        print((r.stderr or r.stdout or "").strip()[:500])
Confidence
84% confidence
Finding
r = subprocess.run([sys.executable, "-m", "pip", "install", "requests>=2.31.0"], capture_output=True, text=True)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The diagnostic command can install Python packages, which materially broadens the tool's capabilities beyond local Zotero import. In an agent setting, self-installing dependencies can alter the host environment, pull code from external repositories, and create unexpected execution paths inconsistent with least privilege.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs the agent to always run a self-check that may automatically execute 'pip install requests' before the main task, without a separate approval step. Automatic package installation modifies the host environment, may pull code from package indexes, and creates supply-chain and integrity risks, especially when triggered as a default workflow.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.