Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Overleaf

Access Overleaf projects via CLI. Use for reading/writing LaTeX files, syncing local .tex files to Overleaf, downloading projects, managing Overleaf project...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
by Eason Chen (@EasonC13)
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (Overleaf CLI access, read/write/sync/accept invites) matches the included instructions and the small helper script. Requiring browser cookies / keychain access is proportionate for a tool that authenticates via a logged-in browser session.
Instruction Scope
SKILL.md instructs the agent to use pyoverleaf, read browser cookies (via OS keychain) and to programmatically accept Overleaf invites using the site's endpoints. These actions are within the stated feature set, but reading browser cookies and accepting invites are sensitive operations — the doc calls this out but the agent could perform invite acceptance autonomously if allowed.
Install Mechanism
No install spec in the registry (instruction-only). The README/SKILL.md recommend installing pyoverleaf via pipx (PyPI) — a standard distribution channel. This is expected for a Python CLI; the install risk is moderate and typical for such a skill.
Credentials
The skill requests no environment variables or other credentials, which is consistent. However, it relies on access to browser cookies/keychain (macOS keychain 'Always Allow' is explicitly mentioned). That is sensitive (gives access to authenticated Overleaf session cookies) and should be considered before granting access.
Persistence & Privilege
The always flag is false and there are no special persistence or system-wide config changes. The skill can be invoked autonomously (platform default), which combined with cookie access could let the agent accept invites or sync files without manual interaction — expected for the feature set but worth user caution.
Assessment
This skill does what it says: it uses the pyoverleaf client and your browser session (cookies stored in OS keychain) to list, read, write, download, and accept Overleaf project invites. Before installing: (1) Review the pyoverleaf GitHub source and recent releases yourself (the SKILL.md claims an audit of v0.1.7 but you should verify the version you install). (2) Test pyoverleaf locally by running pyoverleaf ls to trigger the keychain prompt so you see what permissions are requested. (3) On shared machines, avoid granting global 'Always Allow' keychain access; consider using a separate browser profile or machine for Overleaf automation. (4) If you do not want the agent to autonomously accept invites or push edits, keep autonomous invocation disabled for this skill or limit its permissions. (5) Monitor Overleaf's history/audit after first runs and revoke sessions or change passwords if you see unexpected activity.


Current version: v1.2.0


SKILL.md

Overleaf

CLI tool to interact with Overleaf projects using browser cookies for authentication.

GitHub: https://github.com/jkulhanek/pyoverleaf

Requirements

  • Python 3.8+
  • pyoverleaf (pipx install pyoverleaf)
  • User logged into Overleaf in Chrome/Firefox

Security Considerations

⚠️ Keychain Access Required: pyoverleaf needs "Always Allow" keychain access to read browser cookies. This grants the tool access to your browser's cookie storage.

Security audit: We have audited pyoverleaf v0.1.7 and found it safe. The codebase is small and readable. Before installing, agents can self-audit the latest version at the GitHub repo above.

Authentication Setup

pyoverleaf authenticates by reading cookies from your browser. The user must:

  1. Log into Overleaf in Chrome or Firefox (visit overleaf.com and sign in)
  2. Grant keychain access on first run (macOS will prompt for "Always Allow")

# Test auth - user should run this in their terminal first
pyoverleaf ls

If you get auth errors:

  • Ask user: "Are you logged into Overleaf in your browser?"
  • If on macOS: "Did you approve the keychain access prompt with 'Always Allow'?"
  • User may need to run pyoverleaf ls manually in terminal to trigger the keychain prompt

Note: The agent cannot log in for the user. Browser authentication must be done by the user directly.

CLI Commands

# List all projects
pyoverleaf ls

# List files in project
pyoverleaf ls "Project Name"

# Read file content
pyoverleaf read "Project Name/main.tex"

# Write file (stdin → Overleaf)
cat local.tex | pyoverleaf write "Project Name/main.tex"

# Create directory
pyoverleaf mkdir "Project Name/figures"

# Remove file/folder
pyoverleaf rm "Project Name/old-draft.tex"

# Download project as zip
pyoverleaf download-project "Project Name" output.zip

Common Workflows

Download from Overleaf

pyoverleaf download-project "Project Name" /tmp/latest.zip
unzip -o /tmp/latest.zip -d /tmp/latest
cp /tmp/latest/main.tex /path/to/local/main.tex

Upload to Overleaf (Python API recommended)

The CLI write command has websocket issues. Use the Python API for reliable uploads:

import pyoverleaf

api = pyoverleaf.Api()
api.login_from_browser()

# List projects to get project ID
for proj in api.get_projects():
    print(proj.name, proj.id)

# Upload file (direct overwrite)
project_id = "your_project_id_here"
with open('main.tex', 'rb') as f:
    content = f.read()
root = api.project_get_files(project_id)
api.project_upload_file(project_id, root.id, "main.tex", content)

Why direct overwrite? This method preserves Overleaf's version history. Users can see exactly what changed via Overleaf's History feature, making it easy to review agent edits and revert if needed.

Accept Project Invites

The agent can accept Overleaf project invitations programmatically using browser cookies — no manual clicking required.

How it works

  1. Fetch pending invite notifications from Overleaf's /notifications API
  2. Extract the invite token from the notification
  3. Fetch the invite page to get a CSRF token
  4. POST to the accept endpoint with the CSRF token

Python snippet

import pyoverleaf
import re

api = pyoverleaf.Api()
api.login_from_browser()
session = api._get_session()

# Step 1: Get pending invites
r = session.get('https://www.overleaf.com/notifications',
                headers={'Accept': 'application/json'})
notifications = r.json()

# Filter for project invites
invites = [n for n in notifications
           if n.get('templateKey') == 'notification_project_invite']

for invite in invites:
    opts = invite['messageOpts']
    project_id = opts['projectId']
    token = opts['token']
    project_name = opts['projectName']
    inviter = opts['userName']
    print(f"Invite: '{project_name}' from {inviter}")

    # Step 2: Get CSRF token from invite page
    r_page = session.get(
        f'https://www.overleaf.com/project/{project_id}/invite/token/{token}')
    csrf_match = re.search(
        r'name="ol-csrfToken" content="([^"]+)"', r_page.text)
    if not csrf_match:
        print("  Could not find CSRF token, skipping")
        continue
    csrf = csrf_match.group(1)

    # Step 3: Accept the invite
    r_accept = session.post(
        f'https://www.overleaf.com/project/{project_id}/invite/token/{token}/accept',
        headers={
            'Accept': 'application/json',
            'Content-Type': 'application/json',
            'x-csrf-token': csrf,
        },
        json={})
    if r_accept.status_code == 200:
        print(f"  ✅ Accepted '{project_name}'")
    else:
        print(f"  ❌ Failed ({r_accept.status_code})")

Accept a specific invite by project URL

# Given: https://www.overleaf.com/project/XXXXXXXXXXXXXXXXXXXXXXXX
target_project_id = "XXXXXXXXXXXXXXXXXXXXXXXX"
matching = [n for n in invites
            if n['messageOpts']['projectId'] == target_project_id]
# Then follow steps 2-3 above for the matching invite

Notes

  • Only works if the user is logged into Overleaf in their browser (cookie auth)
  • Invites expire (check the expires field in the notification)
  • After accepting, the project appears in pyoverleaf ls / api.get_projects()
  • For self-hosted Overleaf, replace www.overleaf.com with your host
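The "Accept a specific invite by project URL" snippet and the expiry note above, combined into one added example that is not part of the skill or of pyoverleaf: invites are filtered against an explicit allowlist of project IDs and checked against their expires field before any accept request is sent, so the agent never accepts an invitation the user did not pre-approve. It assumes expires is an ISO-8601 timestamp at the notification's top level, and takes the requests-style session (in the skill, api._get_session()) as a parameter; the sample notifications are constructed.

```python
import re
from datetime import datetime, timezone

OVERLEAF = "https://www.overleaf.com"  # swap in your host for self-hosted Overleaf
CSRF_RE = re.compile(r'name="ol-csrfToken" content="([^"]+)"')

def select_invites(notifications, allowed_project_ids, now=None):
    """Return (to_accept, skipped): only allowlisted, unexpired project invites pass.

    Assumption: the notification's top-level `expires` is an ISO-8601 timestamp."""
    now = now or datetime.now(timezone.utc)
    to_accept, skipped = [], {}
    for n in notifications:
        if n.get("templateKey") != "notification_project_invite":
            continue  # not an invite; leave other notification types alone
        opts = n["messageOpts"]
        pid = opts["projectId"]
        exp = n.get("expires")
        if pid not in allowed_project_ids:
            skipped[pid] = "not allowlisted"
        elif exp and datetime.fromisoformat(exp.replace("Z", "+00:00")) <= now:
            skipped[pid] = "expired"
        else:
            to_accept.append(opts)
    return to_accept, skipped

def accept_invite(session, opts, base=OVERLEAF):
    """Steps 2-3 of the skill's flow, using an injected requests-style session."""
    url = f"{base}/project/{opts['projectId']}/invite/token/{opts['token']}"
    m = CSRF_RE.search(session.get(url).text)
    if not m:
        return False  # no CSRF token on the invite page: do not POST blindly
    r = session.post(f"{url}/accept", json={},
                     headers={"Accept": "application/json",
                              "Content-Type": "application/json",
                              "x-csrf-token": m.group(1)})
    return r.status_code == 200

# Constructed sample notifications (not real Overleaf data) for an offline dry run.
SAMPLE = [
    {"templateKey": "notification_project_invite", "expires": "2099-01-01T00:00:00Z",
     "messageOpts": {"projectId": "a" * 24, "token": "t1", "projectName": "Thesis", "userName": "Alice"}},
    {"templateKey": "notification_project_invite", "expires": "2000-01-01T00:00:00Z",
     "messageOpts": {"projectId": "b" * 24, "token": "t2", "projectName": "Old", "userName": "Bob"}},
    {"templateKey": "notification_project_invite",
     "messageOpts": {"projectId": "c" * 24, "token": "t3", "projectName": "Other", "userName": "Carol"}},
    {"templateKey": "notification_something_else", "messageOpts": {}},
]
```

Run select_invites over the live /notifications response first as a dry run and review the skipped reasons; only the returned entries should ever reach accept_invite.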

Self-hosted Overleaf

# Via env var
export PYOVERLEAF_HOST=overleaf.mycompany.com
pyoverleaf ls

# Via flag
pyoverleaf --host overleaf.mycompany.com ls

Troubleshooting

  • Auth error / websocket error: Open Overleaf in Chrome browser first (open -a "Google Chrome" "https://www.overleaf.com/project" then wait 5s) to refresh cookies, then retry
  • "scheme https is invalid" (websocket redirect bug): The default host overleaf.com causes a 301→www.overleaf.com redirect that breaks websocket. Fix: set PYOVERLEAF_HOST=www.overleaf.com:
    cat main.tex | PYOVERLEAF_HOST=www.overleaf.com pyoverleaf write "Project/main.tex"
  • Keychain Access Denied (macOS): pyoverleaf needs keychain access to read browser cookies. User must run pyoverleaf ls in their terminal and click "Always Allow" on the keychain prompt
  • Project not found: Use exact project name (case-sensitive), check with pyoverleaf ls
  • Permission denied: User may not have edit access to the project
