papersgpt-for-zotero
v1.0.1A privacy-first, local-first search assistant and MCP server for your Zotero library, enabling AI agents to search and analyze your research papers securely.
⭐ 4· 69·0 current·0 all-time
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name and description (local, privacy-first Zotero search/indexing) match the SKILL.md instructions: initialize by pointing at the Zotero storage, run pz search, and stop the background service. No unrelated credentials or binaries are requested.
Instruction Scope
Instructions focus on indexing local Zotero storage and running pz CLI commands (pz init, pz search, pz stop). However, the doc refers to running a background indexing/service (an 'MCP server') without describing whether it opens network ports, what it exposes, or what data (if any) it transmits externally. That omission is notable because a background server could expose local data unexpectedly.
Install Mechanism
There is no platform install spec; SKILL.md instructs the user to run npm install papersgpt-for-zotero. Installing an npm package is a reasonable route for a CLI tool, but npm packages can execute arbitrary code (postinstall scripts, background processes). The skill references a GitHub repo URL which is a known host, but the registry metadata lists the source as unknown and has no homepage in the registry — you should verify the package source and contents before running it.
Credentials
The skill requests no environment variables, credentials, or config paths beyond the Zotero storage directory (which the user supplies). There are no unexplained secret or cloud credential requests.
Persistence & Privilege
The skill does not request 'always: true' or autonomous platform privileges. It does instruct the user to start a background indexing service (pz init) that persists outside the agent's process — this is reasonable for a local search server but may create long-lived processes and potential network exposure; the SKILL.md does not describe how that persistence is managed or secured.
Assessment
This skill appears to do what it says (index and search your local Zotero storage), but it is instruction-only and tells you to install an external npm package and run a background service. Before installing or running it: 1) inspect the npm package and its GitHub repo (check the maintainer, recent commits, issues, and package.json scripts) to ensure there are no unexpected postinstall or remote-exfiltration behaviors; 2) run it in a contained environment (VM or container) first if you are unsure; 3) verify what network ports the background service opens and avoid exposing it to the public internet; 4) backup sensitive Zotero data before indexing; and 5) prefer installing packages from a verified source or official project page rather than unknown registry metadata. If you can provide the npm package name/version or the GitHub repo content, I can re-evaluate with higher confidence.Like a lobster shell, security has layers — review code before you run it.
latest
PapersGPT for Zotero Skill
PapersGPT for Zotero is a specialized research assistant designed to turn your local Zotero library into a searchable, intelligent knowledge base. It helps researchers find relevant materials, gain AI-driven insights, rapidly parse research papers, and streamline the literature review process.
Key Research Capabilities
- Effortless Discovery: Instantly search across your entire collection of research papers to find specific concepts or data points.
- AI-Powered Insights: Get synthesized insights from your personal library to accelerate your understanding of complex topics.
- Rapid Literature Review: Quickly identify key arguments, methodologies, or findings across multiple documents to build your literature reviews.
Installation
You can install PapersGPT for Zotero globally using npm. This will make the pz and pgz commands available in your terminal.
npm install papersgpt-for-zotero
After installation, ensure that you have your Zotero storage directory accessible and you are ready to use the pz command. More information please see https://github.com/papersgpt/papersgpt-for-zotero.
When to use
- Use PapersGPT for Zotero when you need to search, analyze, or synthesize information from your personal collection of research papers, PDFs, or academic notes stored in Zotero.
- Use it to accelerate literature reviews, find specific research findings, or quickly look up concepts across your local research database.
- Do not use this for searching the public internet or answering general knowledge questions outside your own document collection.
How to use
- Initialize: Run
pz initonce to link your Zotero storage and start the background indexing process.# Initialize with default Zotero path pz init # Initialize with a custom path pz init "/Users/name/Documents/Zotero/storage" - Search: Use
pz search "your research query"to perform a targeted search across your local files.# Find papers on a specific methodology pz search "Bayesian inference in clinical trials" # Look for specific findings or data points pz search "What is the baseline accuracy reported in the 2023 study?" - Analyze: Review the context snippets provided by the tool to synthesize answers or findings for your research work.
- Manage: Use
pz stopwhen you are finished to shut down the background service.pz stop
Workflow: Answering Research Questions
- Initialize: Run
pz initto ensure your library is indexed. - Search: Use
pz searchwith specific queries related to your current research focus. - Synthesize: Review the relevant snippets to gain insights or build arguments for your literature review.
- Cite: Always verify and cite your sources directly from your Zotero library.
Troubleshooting
- If
pz searchreturns no results, ensure you have initialized your library withpz init. - If performance seems slow initially, it may be due to the background indexing process. The system will become faster as more files are indexed.
Comments
Loading comments...