Is Zotero Mcp safe to use?

Zotero Mcp is rated ALLOW_WITH_RISK by SpiderRating. Zotero Mcp has risks — usable with isolation (3.99/10, 0 critical, 1 high).

What are the security risks of Zotero Mcp?

Key risk flags: hardcoded_credential (high), ts_input_reflection (medium). Overall security score: 8.6/10 with 0 critical issues.

Are there safer alternatives to Zotero Mcp?

Similar tools include: hartlco/miniflux-news, abstract-sum/obsidian-clip, aiwithabidi/freshdesk. View full comparison at spiderrating.com.

Zotero Mcp

cookjohn/zotero-mcpMIT⭐ 510🔧 44 tools

D4.0SpiderScore (registry)

Use cases:kb-memory api-integration

Decision

Allow with Risk

Confidence

90%

Zotero Mcp has risks — usable with isolation (3.99/10, 0 critical, 1 high).

Recommended Actions

medium
Review Before Production
Moderate quality score — manual review recommended

Risk Flags (2)

high
hardcoded_credential
Hardcoded credential -- secret value embedded in source code
medium
ts_input_reflection×2
User input reflected directly in tool output -- may enable prompt injection via reflection

How This Was Decided

negativew=0.5Overall quality score = 3.99/10 (grade D)
negativew=0.51 high-severity issue(s) detected
negativew=0.3Tool description clarity score = 1.8/10

Source: SpiderRating automated security scanUpdated: 2026-03-21Protocol: v1.1

Description Quality

Composite: 1.8 / 10

3-Layer Breakdown

Description (38%)

1.8

Security (34%)

8.6

Metadata (28%)

8.4

Description Dimensions

Intent Clarity

2.5

Permission Scope

0.0

Side Effects

2.0

Capability Disclosure

2.7

Operational Boundaries

2.1

Security Analysis

8.6

Score

Critical

High

Medium

Low

Findings Redacted

Detailed security findings are hidden during the 90-day responsible disclosure window. Maintainers have been notified.

2 MEDIUM1 HIGH

Metadata Health

Provenance (40%)

9.0

Maintenance (35%)

9.0

Popularity (25%)

6.8

Badge

Add this badge to your README:

[![SpiderRating](https://spiderrating.com/badge/cookjohn__zotero-mcp.svg)](https://spiderrating.com/servers/cookjohn/zotero-mcp)

🛡️

Protect Your Agents

Get a free API key. Every MCP tool call checked against 15,923 rated servers in real-time.

Get Free API Key →

📊

Monitor All Your Servers

Dashboard for your entire MCP portfolio. Score tracking, alerts, and compliance reports.

Start Free Trial →

⭐

Scan Locally (Open Source)

Run SpiderShield on your own machine. 46+ security rules, zero data leaves your system.

Star on GitHub →

Similar Servers

Miniflux Newshartlco/miniflux-news

6.0C

Obsidian Clipabstract-sum/obsidian-clip

6.0C

Freshdeskaiwithabidi/freshdesk

6.0C

Qbittorrentjmagar/qbittorrent

5.9C

Mcp Lineartacticlaunch/mcp-linear

6.0D