Skill v1.1.0

ClawScan security

Overleaf · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 11, 2026, 9:12 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent with an Overleaf CLI wrapper: its instructions, files, and install hints match the stated purpose and there are no unexplained permissions or installs, but the session cookie it asks you to provide is sensitive and should be handled carefully.
Guidance
This skill appears to be what it says: a wrapper around the olcli tool. Before installing, verify the upstream olcli project (GitHub, npm, Homebrew tap) to ensure you trust the binary you will install. Treat your Overleaf session cookie as a secret — do not paste it into untrusted chat or copies of the skill; prefer setting OVERLEAF_SESSION in your environment or using the olcli auth command locally. After authenticating, check where olcli stores credentials (~/.config/olcli-nodejs/config.json or .olauth) and secure those files (permissions). If you need stronger controls, investigate whether Overleaf offers token-based auth or OAuth instead of a browser session cookie. Finally, confirm the Homebrew tap and npm package authorship match the links in README before installing system-wide packages.

Review Dimensions

Purpose & Capability
ok: Name/description (sync, compile, download .bbl) align with SKILL.md, README, and references. The package files reference olcli and link to expected install methods (Homebrew/npm). Nothing requested or included appears unrelated to Overleaf/LaTeX workflows.
Instruction Scope
ok: SKILL.md contains concrete CLI commands limited to olcli operations (auth, pull, push, compile, output, etc.). It asks the user to obtain the Overleaf session cookie from the browser (necessary for session-cookie auth) and does not instruct reading unrelated system files or exfiltrating data to unknown endpoints.
Install Mechanism
ok: There is no automated install spec in the skill bundle; included scripts/install.sh simply tries Homebrew then npm to install the upstream olcli. Both are reasonable, common distribution methods; the script does not download arbitrary archives or contact unknown hosts itself.
Credentials
note: The skill requires a session cookie (overleaf_session2) for authentication — this is proportionate to the stated purpose but is a sensitive credential. SKILL.md documents where olcli stores credentials (~/.config/olcli-nodejs/config.json and local .olauth) and an env var (OVERLEAF_SESSION). No unrelated credentials or env vars are requested.
Persistence & Privilege
ok: The settings always:false and user-invocable mean the skill is not force-included. The skill does not request or attempt to modify other skills or system-wide agent settings. Allowing the agent to invoke the skill autonomously is normal for skills and not a concern here.