Paperless-ngx
ReviewAudited by ClawScan on May 1, 2026.
Overview
This instruction-only Paperless-ngx skill is coherent and purpose-aligned, but users should notice that it needs an API token and includes document-changing and deletion operations.
Before installing, understand that this skill needs your Paperless-ngx URL and API token and can read, upload, edit, delete, and bulk-change documents. Use a limited-permission token where possible and manually confirm destructive or bulk actions.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using this skill must provide a token that may allow access to private documents and document-management actions in their Paperless-ngx instance.
The skill requires an authenticated Paperless-ngx API token. This is expected for the stated purpose, but it is sensitive account access and is not reflected in the registry credential/env-var declarations.
Requires environment variables: - `PAPERLESS_URL`: Base URL - `PAPERLESS_TOKEN`: API token from Paperless-ngx settings
Use a dedicated Paperless-ngx user or token with the minimum permissions needed, and revoke or rotate it if the skill is no longer used.
Incorrect or unintended use could edit, reprocess, or delete one or more documents in Paperless-ngx.
The skill documents destructive and bulk-changing REST API operations. These are aligned with document management, but they can materially alter or remove documents if used on the wrong IDs.
curl -s -X DELETE "$PAPERLESS_URL/api/documents/{id}/" ...
Methods: `set_correspondent`, `set_document_type`, `add_tag`, `remove_tag`, `delete`, `reprocess`.Confirm document IDs and get explicit user approval before delete, bulk delete, bulk reprocess, or broad metadata changes.