ClawHub

Overleaf CLI (olcli)

Security checks across malware telemetry and agentic risk

Overview

This Overleaf sync skill is useful and purpose-aligned, but it asks users to copy and store a live Overleaf login cookie without enough safety guidance.

Review before installing. Use only if you trust the external `olcli` package and are comfortable handling an Overleaf session cookie. Avoid putting the cookie in shell history, shared terminals, screenshots, project folders, or source control; protect any `.olauth` or config file; and prefer dry runs, backups, or status checks before `push`, `sync`, or force overwrite commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs users to extract and pass a live `overleaf_session2` browser session cookie directly into a CLI without clearly labeling it as a sensitive authentication secret. Session cookies are bearer credentials, so exposing them in shell history, logs, screenshots, or copied commands could allow account takeover of the user's Overleaf session.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The skill promotes `push`, `sync`, and overwrite-capable workflows without clearly warning that they can replace or propagate unintended local or remote changes. In a document-sync context, a mistaken command or wrong working directory can cause loss of manuscript edits or overwrite project state, especially when `sync` is bidirectional and `pull --force` is available elsewhere in the document.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The documentation instructs users to extract a live authenticated session cookie from browser developer tools and reuse it in a CLI, but it does not include any warning that this cookie is equivalent to account access or guidance on minimizing exposure. Because the cookie can authenticate as the user, broad copy/paste handling increases the chance of accidental disclosure via shell history, screenshots, shared terminals, or insecure local files.

Missing User Warnings

High
Confidence
98% confidence
Finding
This section documents multiple storage locations for a reusable authenticated session credential, including a current-directory `.olauth` file and a global config file, without warning about secrecy, filesystem permissions, multi-user environments, backups, or repository leakage. In this skill's context, the CLI is specifically intended for syncing Overleaf projects, so compromise of the session cookie could expose private papers, source files, and allow unauthorized project actions under the user's account.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal