paperless-ngx-tools
ReviewAudited by ClawScan on May 10, 2026.
Overview
This skill mostly matches its Paperless-ngx purpose, but its download script saves a server-provided filename directly to disk, which could write outside the expected folder if the filename is unsafe.
Use this only if you are comfortable giving the agent access to your Paperless archive. Configure a least-privilege token, prefer HTTPS, explicitly approve destructive or bulk API actions, and use a safe explicit download path until the filename sanitization issue is fixed.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Downloading a document with an unsafe stored filename could create or overwrite files in locations the user did not intend.
When no explicit output path is supplied, the script writes using a filename from Paperless metadata without applying basename/path validation. A filename containing path separators or `..` could cause writes outside the intended current directory or overwrite unexpected files.
const filename = values.original ? meta.original_file_name : (meta.archived_file_name || meta.original_file_name); ... const outputPath = values.output || join(process.cwd(), filename); ... await writeFile(outputPath, buffer);
Sanitize server-provided filenames with `basename`, reject `..` and absolute paths, avoid overwriting existing files by default, and prefer an explicit safe `--output` path.
If used without care, direct API commands could change or remove documents or metadata in the Paperless archive.
The advanced reference documents direct Paperless API operations that can update, bulk-edit, or delete document data. This is related to document management, but it is higher-impact than simple search/retrieval.
PATCH | `/api/documents/{id}/` | Update document metadata | ... DELETE | `/api/documents/{id}/` | Delete document | ... ### Bulk edit documentsRequire clear user confirmation before any PATCH, DELETE, or bulk-edit operation, and use a least-privilege Paperless account where possible.
Anyone or any agent action using this token may be able to read, upload, and modify Paperless document data according to the token's permissions.
The skill requires a Paperless API token and URL. That credential is expected for this integration, but it grants account-level access to the configured Paperless instance.
"PAPERLESS_URL": "http://your-paperless-host:8000", "PAPERLESS_TOKEN": "your-api-token"
Use a dedicated Paperless token/account with the minimum needed permissions, protect the config file, and prefer HTTPS for non-local connections.
Private document text may be exposed to the agent, and malicious or untrusted document text could try to influence the agent if treated as instructions.
The `--content` and `--full` options return OCR text from Paperless documents into the script output, where it can enter the agent's context.
if (values.content) { let content = doc.content || ''; ... result.content = content; }Only retrieve full OCR content when needed, treat document text as untrusted data, and avoid reusing it as instructions or persistent memory.