citation-skills

Warn

Audited by Socket on Apr 30, 2026

2 alerts found:

Anomaly x2

Anomaly (LOW)
zotero-gpt-guide/SKILL.md

SUSPICIOUS: the skill's core purpose is coherent, and the GitHub release install path is plausible for a Zotero plugin, but trust is weakened by limited release-verification evidence and especially by support for arbitrary custom API endpoints that can receive both research content and API keys. This is not confirmed malware, but it carries medium security risk due to credential/data routing flexibility and release provenance concerns.

Confidence: 85%
Severity: 60%

Anomaly (LOW)
zotero-mcp-guide/SKILL.md

The skill's stated purpose and capabilities are mostly aligned: it is a documentation-style guide for exposing Zotero data to an AI assistant through a local MCP server. The main concern is install-trust inconsistency: the guide's Node/npm clone-and-build path does not match the upstream project's current official Python/PyPI installation, which weakens provenance and may cause users to run stale or unintended code. Data flow is transparent and proportionate—local Zotero data can be forwarded to the chosen AI provider—but users should treat that as a privacy risk rather than malware. Overall this is better classified as suspicious/medium-risk documentation due to supply-chain inconsistency, not confirmed malicious behavior.

Confidence: 87%
Severity: 56%

Audit Metadata

Analyzed At: Apr 30, 2026, 12:17 PM
Package URL: pkg:socket/skills-sh/wentorai%2Fresearch-plugins%2Fcitation-skills%2F@6e0b81602aec4a6ab4db95ac20206ea62b653219