Overleaf
v1.1.0Sync and manage Overleaf LaTeX projects from the command line. Pull projects locally, push changes back, compile PDFs, and download compile outputs like .bbl files for arXiv submissions. Use when working with LaTeX, Overleaf, academic papers, or arXiv.
⭐ 0· 1.1k·1 current·1 all-time
by@aloth
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (sync, compile, download .bbl) align with SKILL.md, README, and references. The package files reference olcli and link to expected install methods (Homebrew/npm). Nothing requested or included appears unrelated to Overleaf/LaTeX workflows.
Instruction Scope
SKILL.md contains concrete CLI commands limited to olcli operations (auth, pull, push, compile, output, etc.). It asks the user to obtain the Overleaf session cookie from the browser (necessary for session-cookie auth) and does not instruct reading unrelated system files or exfiltrating data to unknown endpoints.
Install Mechanism
There is no automated install spec in the skill bundle; included scripts/install.sh simply tries Homebrew then npm to install the upstream olcli. Both are reasonable, common distribution methods; the script does not download arbitrary archives or contact unknown hosts itself.
Credentials
The skill requires a session cookie (overleaf_session2) for authentication — this is proportionate to the stated purpose but is a sensitive credential. SKILL.md documents where olcli stores credentials (~/.config/olcli-nodejs/config.json and local .olauth) and an env var (OVERLEAF_SESSION). No unrelated credentials or env vars are requested.
Persistence & Privilege
always:false and user-invocable means it is not force-included. The skill does not request or attempt to modify other skills or system-wide agent settings. Allowing the agent to invoke the skill autonomously is normal for skills and not a concern here.
Assessment
This skill appears to be what it says: a wrapper around the olcli tool. Before installing, verify the upstream olcli project (GitHub, npm, Homebrew tap) to ensure you trust the binary you will install. Treat your Overleaf session cookie as a secret — do not paste it into untrusted chat or copies of the skill; prefer setting OVERLEAF_SESSION in your environment or using the olcli auth command locally. After authenticating, check where olcli stores credentials (~/.config/olcli-nodejs/config.json or .olauth) and secure those files (permissions). If you need stronger controls, investigate whether Overleaf offers token-based auth or OAuth instead of a browser session cookie. Finally, confirm the Homebrew tap and npm package authorship match the links in README before installing system-wide packages.Like a lobster shell, security has layers — review code before you run it.
latestvk978xt6439xswdtd9x0swfx3ps80qykm
License
MIT-0
Free to use, modify, and redistribute. No attribution required.