Skill v0.0.1

ClawScan security

Import local PDFs into a Zotero library (本地导入PDF至Zotero文库) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Verdict: Benign (Mar 13, 2026, 1:02 PM)
Confidence: high
Model: gpt-5-mini
Summary
The skill does what it says: a local Zotero PDF importer that talks to Zotero's local connector and (read-only) the Zotero sqlite; its requirements and behavior are proportionate to the described purpose.
Guidance
This skill appears consistent with its description. Before installing or running it:
1) Ensure Zotero desktop is running, 'Allow local applications to communicate with Zotero' is enabled, and you know the port.
2) The agent/script will read any file paths you provide and will read your zotero.sqlite file in read-only mode for the 'check' command; don't point it at files you don't want read.
3) If 'doctor --auto-install-deps' is used, the tool may run pip to install 'requests' (network access to PyPI).
4) The tool imports only into existing collections (it will not create collections).
If you are comfortable with these local file and optional pip actions, the skill is coherent with its purpose.

Review Dimensions

Purpose & Capability
ok: Name/description align with the code and instructions: the tool posts local PDF bytes to the Zotero local connector on 127.0.0.1, lists collections via the connector API, and can read zotero.sqlite in read-only mode to check recent attachments, all coherent with 'import PDFs into Zotero'.
Instruction Scope
note: SKILL.md requires the agent to parse natural-language inputs into structured args (file paths, port, collection). It instructs the agent to run a 'doctor --auto-install-deps' step that may invoke pip install. The script will read any file paths the user supplies and will open the local Zotero connector endpoint; the 'check' command reads the provided zotero.sqlite in read-only mode. These behaviors are expected for the stated task but mean the agent/script will access local files and may install a dependency if missing.
Install Mechanism
note: There is no formal install spec (instruction-only), which is low risk. The script can auto-install the 'requests' package by invoking pip when run with --auto-install-deps; that will reach out to the Python package index if needed. This is proportionate but means network access during dependency installation.
Credentials
ok: The skill requests no secrets or external credentials and only optionally reads ZOTERO_PORT (fallback 23119). No unrelated environment variables or credentials are required.
Persistence & Privilege
ok: 'always' is false and the skill does not request persistent system-level privileges or modify other skills. It only performs transient actions when invoked.