OpenKM Document Management
ReviewAudited by ClawScan on May 1, 2026.
Overview
The skill appears coherent for managing OpenKM through its REST API, but it uses OpenKM credentials and can change or delete documents when invoked.
This skill looks appropriate for OpenKM REST administration, but install it only if you are comfortable letting the agent use the supplied OpenKM account for document and workflow operations. Prefer a limited service account, keep credentials out of shared logs, use HTTPS, and confirm destructive actions before running them.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent is asked to run destructive or modifying commands, it can delete, move, rename, or alter OpenKM documents and related metadata.
The skill exposes direct document mutation and deletion commands. This is consistent with an OpenKM document-management skill, but mistaken use could affect business documents.
python3 openkm_cli.py delete --doc-id <uuid>
Use a least-privilege OpenKM account and require clear user confirmation for delete, restore, move, rename, and workflow-completion actions.
The skill can access and modify OpenKM data according to the permissions of the supplied account.
The skill requires OpenKM credentials and authenticates API calls with them. This is expected for the integration, but the example suggests potentially privileged access.
OPENKM_USERNAME=okm_admin OPENKM_PASSWORD=secret
Avoid using an admin account unless necessary, prefer a scoped service account, store credentials securely, and use HTTPS for OPENKM_BASE_URL.
Debug logs could expose snippets of OpenKM responses in terminal output or collected logs.
When debug mode is enabled, the CLI prints the first part of API responses to stderr. This is a normal debugging feature, but OpenKM responses may contain document metadata or other sensitive information.
self._dbg(f"→ {r.status_code} {r.text[:200]}")Only enable OPENKM_DEBUG in trusted local troubleshooting sessions and avoid sharing debug logs without reviewing them first.