Back to skill
Skillv1.2.0
VirusTotal security
Overleaf · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:26 AM
- Hash
- 2731aa838a92de8efc423722cad314703cc696ff9dc40cdcf47250b6dc71a6fa
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: overleaf Version: 1.2.0 The skill requires 'Always Allow' keychain access to read browser cookies via the pyoverleaf dependency, which is a high-risk permission that could potentially expose all stored browser credentials. While the documentation in SKILL.md is transparent about this requirement for Overleaf authentication and provides logic for programmatic invite acceptance, the broad access to sensitive browser data and the use of private API scraping (CSRF token extraction) constitute a significant security risk.
- External report
- View on VirusTotal