ai-research-assistant
by lifan0127
Aria is Your AI Research Assistant Powered by GPT Large Language Models
1,693stars
115forks
JavaScript
Added 3/9/2026
AI Agentsai-assistantgptlarge-language-modelsresearch-paperzotero
Installation
# Add to your Claude Code skills
git clone https://github.com/lifan0127/ai-research-assistantSecurity ReportIssues
Last scanned: 4/26/2026
{
"issues": [
{
"type": "npm-audit",
"message": "@babel/helpers: Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@babel/runtime: Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@eslint/plugin-kit: @eslint/plugin-kit is vulnerable to Regular Expression Denial of Service attacks through ConfigCommentParser",
"severity": "low"
},
{
"type": "npm-audit",
"message": "@inquirer/editor: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "@mapbox/node-pre-gyp: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@octokit/endpoint: @octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@octokit/plugin-paginate-rest: @octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Backtracking",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@octokit/request: @octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@octokit/request-error: @octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@octokit/rest: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@xmldom/xmldom: xmldom: Uncontrolled recursion in XML serialization leads to DoS",
"severity": "high"
},
{
"type": "npm-audit",
"message": "addons-linter: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "ajv: ajv has ReDoS when using `$data` option",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "basic-ftp: Basic FTP has Path Traversal Vulnerability in its downloadToDir() method",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "bn.js: bn.js affected by an infinite loop",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "brace-expansion: brace-expansion Regular Expression Denial of Service vulnerability",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "bumpp: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "c12: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "canvas: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "cipher-base: cipher-base is missing type checks, leading to hash rewind and passing on crafted data",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "compressing: Compressing Vulnerable to Arbitrary File Write via Symlink Extraction",
"severity": "high"
},
{
"type": "npm-audit",
"message": "defu: defu: Prototype pollution via `__proto__` key in defaults argument",
"severity": "high"
},
{
"type": "npm-audit",
"message": "elliptic: Elliptic's private key extraction in ECDSA upon signing a malformed input (e.g. a string)",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "epubjs: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "esbuild: esbuild enables any website to send any requests to the development server and read the response",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "eslint: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "external-editor: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "flatted: flatted vulnerable to unbounded recursion DoS in parse() revive phase",
"severity": "high"
},
{
"type": "npm-audit",
"message": "form-data: form-data uses unsafe random function in form-data for choosing boundary",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "giget: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "glob: glob CLI: Command injection via -c/--cmd executes matches with shell:true",
"severity": "high"
},
{
"type": "npm-audit",
"message": "image-size: image-size Denial of Service via Infinite Loop during Image Processing",
"severity": "high"
},
{
"type": "npm-audit",
"message": "immutable: Immutable is vulnerable to Prototype Pollution",
"severity": "high"
},
{
"type": "npm-audit",
"message": "inquirer: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "js-yaml: js-yaml has prototype pollution in merge (<<)",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "lodash: Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions",
"severity": "high"
},
{
"type": "npm-audit",
"message": "minimatch: minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"severity": "high"
},
{
"type": "npm-audit",
"message": "nanoid: Predictable results in nanoid generation when given non-integer values",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "node-forge: node-forge has ASN.1 Unbounded Recursion",
"severity": "high"
},
{
"type": "npm-audit",
"message": "node-notifier: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "patch-package: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "pbkdf2: pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "pdfjs-dist: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "picomatch: Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"severity": "high"
},
{
"type": "npm-audit",
"message": "postcss: PostCSS has XSS via Unescaped </style> in its CSS Stringify Output",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "prismjs: PrismJS DOM Clobbering vulnerability",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "react-mentions: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "react-syntax-highlighter: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "refractor: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "release-it: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "sha.js: sha.js is missing type checks leading to hash rewind and passing on crafted data",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "tar: node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal",
"severity": "high"
},
{
"type": "npm-audit",
"message": "tmp: tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter",
"severity": "low"
},
{
"type": "npm-audit",
"message": "typeorm: TypeORM vulnerable to SQL injection via crafted request to repository.save or repository.update",
"severity": "high"
},
{
"type": "npm-audit",
"message": "uuid: uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "web-ext: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "yaml: yaml is vulnerable to Stack Overflow via deeply nested YAML collections",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "zotero-plugin-scaffold: Vulnerability found",
"severity": "high"
}
],
"status": "FAILED",
"scannedAt": "2026-04-26T06:11:18.387Z",
"semgrepRan": false,
"npmAuditRan": true,
"pipAuditRan": true
}A.R.I.A. (Aria) - Your AI Research Assistant
Aria is a Zotero plugin powered by Large Language Models (LLMs). A-R-I-A is the acronym of "AI Research Assistant" in reverse order.
Please make sure to choose the correct version based on your Zotero version:
- Zotero 6: https://github.com/lifan0127/ai-research-assistant/releases/tag/0.8.0
- Zotero 7: https://github.com/lifan0127/ai-research-assistant/releases/latest
Quickstart
The easist way to get started with Aria is to try one of the interactive prompts in the prompt library.
Features
Use Drag-and-Drop to Reference Your Zotero Items and Collections
Autocompletion for Creators (Authors), Tags, Items and More
Visual Analysis (GPT-4 Vision)
How to use Zotero area annotation to create a draggable area in PDF?
Save Chat as Notes and Annotations
Zotero and GPT Requirements
- Please note separate releases are available for Zotero 6 and 7:
- Zotero 6: https://github.com/lifan0127/ai-research-assistant/releases/tag/0.8.0
- Zotero 7: https://github.com/lifan0127/ai-research-assistant/releases/tag/v0.7.4
- Aria requires the OpenAI GPT-4 model family. (how can I access GPT-4?)
- The visual analysis feature requires the preview access to the GPT-4 Vision model.
Installation
For a detailed walkthrough of the installation process, please check out: https://twitter.com/MushtaqBilalPhD/status/1735221900584865904 (credit: Mushtaq Bilal, PhD - Syddansk Universitet)
- Download the latest release (.xpi file) from GitHub: https://github.com/lifan0127/ai-research-assistant/releases/latest
- In Zotero select Tools from the top menu bar, and then click on Addons.
- On the Add-ons Manager panel, click the gear icon at the top right corner and select Install Add-on From File
- Select the .xpi file you just downloaded and click Open which will start the installation process.
Quickstart
By default, Aria can be activated by clicking the 
button on Zoterol toolbar or through the "Shift + R" shortcut.
Before using Aria, you need to provide an OpenAI API Key. Follow the in-app instruction to add a key and restart Zotero. (screenshots)
After restart, you should see the activated Aria window (as shown above) and can start using it through conversations.
Preferences
Aria is configurable through Edit > Preferences > Aria. Please note that some changes require Zotero restart.
- Model Selection: Choose between the base GPT-4 model and the new GPT-4 Turbo model (Preview).
- Zoom Level: Adjust the zoom level to fit your screen resolution
- Keyboard shortcut: Change the keyboard shortcut combination to better fit your workflow.
Update
- Aria can perform automatic update when internet access is available. To check for available update, select Tools from the top menu bar, and then click on Addons.
- To manually update ARIA, click More under Aria and then click the gear icon at the top right corner. Select Check for Updates. (screenshots)
Limitations
The following are known limitations based on user feedback.
- Currently Aria can query your Zotero library through the Zotero search API. The ability to query the Zotero SQLite database for document count and other metrics will be delivered in a future release.
- Aria has limited awareness of your Zotero application state (selected item, current tab, highlighted text). However, you can use the drag-n-drop and the autocompeltion features to provide such context within your message.
Troubleshooting
Interaction with Zotero, in an open conversational manner and through a probabilistic model, can lead to many different, often unexpected outcomes. If you experience any error, please create an GitHub issue with a screenshot of the error message from your Aria chat window. Thank you!
-
"Agent stopped due to max iterations": For certain questions, the bot will make multiple API calls iteratively for response synthesis. Sometimes, it may fail to produce an answer before reaching the max iterations.
-
Aria tab not in Preferences panel: You may choose the Advanced tab in Preferences and open the Configuration Editor Under Advanced Configuration. From there, please search for "aria" and then double-click on the "extensions.zotero.aria.OPENAI_API_KEY" entry to add your OpenAI API Key.
Development
Refer to the Zotero Plugin Development guide to find instructions on how to setup the plugin in your local environment.
Feedback
You can now submit feedback and share your chat session to help improve Aria. Let's make Aria better together!
Comments (0)
to leave a comment.
No comments yet. Be the first to share your thoughts!
Related Skills
The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.
168,615
26,135
JavaScript
AI Agentsai-agentsanthropic
An open-source AI agent that brings the power of Gemini directly into your terminal.
102,585
13,364
TypeScript
AI Agentsaiai-agents
A Claude Code plugin that automatically captures everything Claude does during your coding sessions, compresses it with AI (using Claude's agent-sdk), and injects relevant context back into future sessions.
68,734
5,858
TypeScript
AI Agentsaiai-agents
A light-weight and powerful meta-prompting, context engineering and spec-driven development system for Claude Code by TÂCHES.
58,158
4,929
JavaScript
AI Agentsclaude-codecontext-engineering