High-risk tools in Zotero Agent
2 of the 29 tools in Zotero Agent are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
install_plugin_from_urlExecuteDownload and install/upgrade a plugin XPI from an http(s):// or file:// URL reachable FROM the Zotero machine (dev loop). Installing an XPI is arbitrary code execution — require...
-
reload_pluginExecuteReload an installed Zotero plugin via AddonManager (dev loop). Omit addon_id to reload THIS MCP plugin itself — it replies first, then reloads after 500ms (connection drops brie...
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.