Back to skill

Security audit

Zotero MCP

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local Zotero helper, but it can expose your Zotero library contents to the agent and depends on a globally installed npm package.

Install only if you trust the zotero-mcp npm package and are comfortable letting the agent read your Zotero library, including notes, PDFs, and annotations. Use it on trusted machines, keep Zotero's local API disabled when not needed, and avoid pasting or sharing command output that contains sensitive research data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs users to enable Zotero's local API and provides commands that can retrieve items, collections, PDF content, and annotations, but it does not warn that any local client able to reach `127.0.0.1:23119` may access sensitive research metadata and document contents. In this context, the omission is security-relevant because the skill is specifically about exposing and querying a personal literature database, which may contain private papers, notes, and annotations.

Missing User Warnings

Low
Confidence
91% confidence
Finding
The examples query a local Zotero HTTP API and print titles, collections, item metadata, and annotation search results without any privacy warning or access-scope guidance. While this appears to be normal product documentation rather than malicious behavior, it can cause users to disclose sensitive research interests, library structure, or PDF annotation content if they run the examples without understanding the privacy implications.

VirusTotal

No VirusTotal findings

View on VirusTotal