Zotero Vectorize

Security checks across malware telemetry and agentic risk

Overview

This skill locally builds Zotero search indexes as advertised, but the generated files can contain private library metadata, PDF text, database snapshots, and local paths.

Install only if you are comfortable creating persistent local copies of Zotero metadata, PDF text chunks, embeddings, and database snapshots. Use a private output directory, avoid syncing the generated files to shared cloud folders unless intentional, and manage Python dependencies in a virtual environment.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: This code persists potentially sensitive Zotero-derived content to disk, including item metadata, embedding text built from titles/abstracts/authors/tags/URLs/DOIs, and a metadata file that records local filesystem paths such as the Zotero data directory, database path, storage path, and output directory. In a local indexing skill this may be expected functionality, but it still creates a confidentiality risk because the stored JSON/README artifacts can expose reading history, research topics, and host-specific paths without any built-in minimization, redaction, permission hardening, or explicit consent flow in this file.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal