Overleaf

Security checks across malware telemetry and agentic risk

Overview

This Overleaf helper is transparent about what it does, but it asks for broad browser-cookie/keychain access and can modify, delete, or accept Overleaf content without clear per-action safeguards.

Install only if you are comfortable allowing pyoverleaf to use your logged-in browser session for Overleaf. Prefer a dedicated browser profile or separate Overleaf account, pin and review the pyoverleaf version before granting Keychain access, and require explicit confirmation before any write, delete, sync, download, or invite-acceptance action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Vague Triggers

Severity: Medium
Confidence: 90%
Finding: The skill description includes very broad trigger wording such as "Triggers on Overleaf, LaTeX sync, tex file uploads to Overleaf, or Overleaf invite acceptance," which can cause the skill to activate in loosely related contexts without a tight user-intent boundary. Over-broad activation increases the chance that an agent invokes a high-privilege skill unnecessarily, exposing browser-cookie-backed account access and write operations to unintended workflows.

Credential Access

Severity: High
Category: Privilege Escalation
Content:

## Security Considerations

⚠️ **Keychain Access Required**: pyoverleaf needs "Always Allow" keychain access to read browser cookies. This grants the tool access to your browser's cookie storage.

**Security audit**: We have audited pyoverleaf v0.1.7 and found it safe. The codebase is small and readable. Before installing, agents can self-audit the latest version at the GitHub repo above.

Confidence: 97%
Finding: "Keychain"

Credential Access

Severity: High
Category: Privilege Escalation
Content:

## Security Considerations

⚠️ **Keychain Access Required**: pyoverleaf needs "Always Allow" keychain access to read browser cookies. This grants the tool access to your browser's cookie storage.

**Security audit**: We have audited pyoverleaf v0.1.7 and found it safe. The codebase is small and readable. Before installing, agents can self-audit the latest version at the GitHub repo above.

Confidence: 97%
Finding: "keychain"

Tool Parameter Abuse

Severity: High
Category: Tool Misuse
Content:

```bash
pyoverleaf mkdir "Project Name/figures"

# Remove file/folder
pyoverleaf rm "Project Name/old-draft.tex"

# Download project as zip
pyoverleaf download-project "Project Name" output.zip
```

Confidence: 87%
Finding: `rm "Project Name/`

VirusTotal

65/65 vendors flagged this skill as clean.
