papersgpt-for-zotero

Security checks across malware telemetry and agentic risk

Overview

The skill has a coherent Zotero search purpose, but it asks users to install an external tool that indexes a private local research library in the background without enough detail about access boundaries or index retention.

Install only if you trust the npm package publisher and are comfortable indexing your Zotero library. Before use, verify that indexing stays local, which agents can connect to the MCP server, where indexes and logs are stored, how to delete them, and whether sensitive collections or notes can be excluded.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill directs users to run `pz init` to connect a Zotero storage directory and begin background indexing, but it does not explicitly disclose that the tool will read and process the contents of the user's local research library. Because Zotero collections often contain unpublished papers, notes, annotations, and sensitive research materials, this omission can lead users to expose private local data without informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal