paperless-ngx-tools
Status: Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: paperless-ngx-tools
Version: 1.0.2

The skill bundle is designed to interact with the Paperless-ngx API for document management. All Node.js scripts (`.mjs`) correctly utilize `PAPERLESS_URL` and `PAPERLESS_TOKEN` from environment variables to make authenticated API calls to the specified Paperless-ngx instance. File system operations (reading for upload, writing for download) are directly related to the skill's stated purpose and do not target sensitive system paths or execute arbitrary commands. The `SKILL.md` documentation provides clear instructions for using the skill and does not contain any prompt injection attempts or instructions for malicious behavior. No external dependencies, obfuscation, or unauthorized network/system access were identified.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Downloading a document with an unsafe stored filename could create or overwrite files in locations the user did not intend.
When no explicit output path is supplied, the script writes using a filename from Paperless metadata without applying basename/path validation. A filename containing path separators or `..` could cause writes outside the intended current directory or overwrite unexpected files.
Evidence:

```javascript
const filename = values.original
  ? meta.original_file_name
  : (meta.archived_file_name || meta.original_file_name);
...
const outputPath = values.output || join(process.cwd(), filename);
...
await writeFile(outputPath, buffer);
```

Recommendation: Sanitize server-provided filenames with `basename`, reject `..` and absolute paths, avoid overwriting existing files by default, and prefer an explicit safe `--output` path.
If used without care, direct API commands could change or remove documents or metadata in the Paperless archive.
The advanced reference documents direct Paperless API operations that can update, bulk-edit, or delete document data. This is related to document management, but it is higher-impact than simple search/retrieval.
Evidence:

```
PATCH  | `/api/documents/{id}/` | Update document metadata
...
DELETE | `/api/documents/{id}/` | Delete document
...
### Bulk edit documents
```

Recommendation: Require clear user confirmation before any PATCH, DELETE, or bulk-edit operation, and use a least-privilege Paperless account where possible.
Anyone, or any agent action, using this token may be able to read, upload, and modify Paperless document data according to the token's permissions.
The skill requires a Paperless API token and URL. That credential is expected for this integration, but it grants account-level access to the configured Paperless instance.
Evidence:

```json
"PAPERLESS_URL": "http://your-paperless-host:8000",
"PAPERLESS_TOKEN": "your-api-token"
```

Recommendation: Use a dedicated Paperless token/account with the minimum needed permissions, protect the config file, and prefer HTTPS for non-local connections.
Private document text may be exposed to the agent, and malicious or untrusted document text could try to influence the agent if treated as instructions.
The `--content` and `--full` options return OCR text from Paperless documents into the script output, where it can enter the agent's context.
Evidence:

```javascript
if (values.content) {
  let content = doc.content || '';
  ...
  result.content = content;
}
```

Recommendation: Only retrieve full OCR content when needed, treat document text as untrusted data, and avoid reusing it as instructions or persistent memory.
