Paperless
ReviewAudited by ClawScan on May 1, 2026.
Overview
This is a coherent Paperless-NGX helper, but it needs a Paperless API token and can read, download, upload, and edit document metadata, so users should treat it as having access to their document library.
Before installing, make sure you trust the ppls CLI package and are comfortable giving it a Paperless API token. Use the least-privileged token available, keep searches narrow, and confirm any upload or metadata update before letting the assistant run it.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using this skill is authorizing access to documents and metadata available to that Paperless token.
The skill requires a Paperless hostname and API token, which is expected for the integration but gives the CLI delegated access to the user's Paperless account.
metadata: {"clawdbot":{"requires":{"bins":["ppls"],"env":["PPLS_HOSTNAME","PPLS_TOKEN"]}Use a token/account with only the access needed, keep the token private, and rotate it if it may have been exposed.
Private or business document text could be displayed or used by the assistant when you ask it to inspect documents.
The skill can retrieve full document details including OCR text, which may place sensitive document contents into the agent conversation or outputs.
# Get full document details (includes OCR content) ppls documents show 1234 --json
Ask for specific documents or narrow searches, avoid exposing unnecessary OCR content, and review outputs before sharing them elsewhere.
Mistyped IDs or broad instructions could add the wrong file or change the wrong document metadata.
The documented CLI commands can upload documents and update document metadata. This is purpose-aligned for Paperless organization, but it changes account data.
ppls documents add scan.pdf ... ppls documents update 1234 --title "New Title" --correspondent 5 --tag 10
Confirm document IDs, file paths, and metadata changes before asking the assistant to run modifying commands.
The installed CLI package will run locally and handle the Paperless token and document operations.
The skill depends on installing a global npm CLI package. This is central to the skill's purpose, but it introduces normal package-provenance and update risk.
npm install -g @nickchristensen/ppls
Install from the expected npm package, review the linked project if desired, and pin or manage the package version in controlled environments.