v1.0.0

Zotero

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 4:56 AM.

Analysis

The skill is coherent for Zotero library management, but users should understand it can read and change their Zotero library using an API key.

Guidance: This appears to be a legitimate Zotero management skill. Before installing, create a Zotero API key with the minimum permissions needed, confirm whether it targets your personal or group library, use dry-run and limit options for bulk operations, and be especially careful with update, force, upload, and permanent-delete commands.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Note
SKILL.md
`delete` | Move items to trash ... `update` | Modify item metadata/tags ... `delete KEY1 --permanent --yes`

The documented commands can modify, bulk add, trash, or permanently delete Zotero items. This is purpose-aligned and disclosed, with some safeguards, but it is still high-impact account mutation capability.

User impact: Mistaken commands could change metadata, add unwanted entries, attach PDFs, or delete references from the Zotero library.
Recommendation: Review item keys and collection scope before write operations, start with dry-run or small limits where available, and avoid `--permanent`, `--force`, or bulk actions unless explicitly intended.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
metadata
Source: unknown
Homepage: none

The registry metadata does not provide a verifiable source repository or homepage, which is a provenance gap for a skill that handles API credentials and account mutations.

User impact: It is harder to verify the publisher, maintenance history, or upstream changes before trusting the skill with a Zotero API key.
Recommendation: Review the included script before use, prefer a least-privilege API key, and keep a known-reviewed copy if you depend on the skill.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
Requires two environment variables:

ZOTERO_API_KEY ...
ZOTERO_USER_ID ...

For group libraries, set `ZOTERO_GROUP_ID` instead of `ZOTERO_USER_ID`.

The skill needs a Zotero API key and user or group library identifier, which is expected for Zotero Web API management but grants account-level library access depending on the key permissions.

User impact: If the key has write permissions, the skill can read and modify a personal or group Zotero library.
Recommendation: Use a Zotero API key with only the permissions needed, verify whether it targets a user or group library, and revoke or rotate the key when no longer needed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low | Confidence: High | Status: Note
SKILL.md
Optional env var for CrossRef/Unpaywall polite pool ... `CROSSREF_EMAIL` ... Tries three legal OA sources in order: Unpaywall → Semantic Scholar → DOI content negotiation.

The skill discloses external provider calls for DOI lookup and open-access PDF discovery, which may send citation metadata, DOIs, and optionally an email address to third-party services.

User impact: Private or unpublished bibliography details could be revealed to external lookup services during DOI/PDF workflows.
Recommendation: Use DOI/PDF lookup features only for references you are comfortable querying externally, and scope operations with `--limit` or `--collection` when possible.