Overleaf

Review

Audited by ClawScan on May 14, 2026.

Overview

The Overleaf workflow is legitimate, but review is recommended because the plugin runs git and LaTeX commands using free-form path parameters that are not clearly confined to the configured project directory.

Install only if you are comfortable letting the agent run git and LaTeX locally and push changes to Overleaf. Configure a dedicated project directory, use a least-privileged Overleaf token if possible, and review project IDs, local paths, diffs, and push actions carefully.

Publisher note

Plugin uses node:child_process (git, pdflatex) and node:fs (file access) — needs native host access for git clone/push and LaTeX compilation. No network requests beyond localhost git.overleaf.com.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken or adversarial tool call could make git operations run in a different local repository or path than the intended Overleaf project.

Why it was flagged

The tool accepts projectId as a string and uses it to form a filesystem path for git operations without a shown resolved-path check that keeps it inside the configured project directory.

Skill content

const localPath = path.join(baseDir, params.projectId);
...
await git(["checkout", "-b", params.branchName], localPath);

Recommendation

Validate project IDs and directory names against an allowlist, reject '..' and absolute or path-like inputs, resolve paths and verify that they stay under projectDir, and require explicit user review before push-like mutations.

What this means

Installing the skill lets the agent invoke local git and LaTeX tools on selected projects, which can affect local files and consume system resources.

Why it was flagged

The plugin runs local git and LaTeX compiler binaries. This is central to the stated purpose, and execFile avoids shell-string execution, but it still gives the tool local command-execution capability.

Skill content

return execFileAsync("git", args, { ... });
...
await execFileAsync(compiler, ["-interaction=nonstopmode", "-output-directory", localPath, path.join(localPath, mainFile)], ...);

Recommendation

Install only if you want the agent to run git/LaTeX locally, keep compilers updated, and avoid compiling untrusted LaTeX projects without review.

What this means

Anyone, or any process, that can read the credentials file could use the stored Overleaf account credential or token.

Why it was flagged

The skill clearly documents storing Overleaf account credentials in a local file, which is expected for Overleaf git access but gives the plugin access to a sensitive account secret.

Skill content

Store Overleaf credentials at `~/.openclaw/.overleaf_credentials`:
...
echo "OVERLEAF_PASSWORD=your_password_or_token" >> ~/.openclaw/.overleaf_credentials
chmod 600 ~/.openclaw/.overleaf_credentials

Recommendation

Use the least-privileged token available, keep the file permission restricted, avoid reusing passwords, and remove or rotate the credential when no longer needed.

What this means

The skill may fail or behave unexpectedly unless the user has the needed local tools and credentials configured, even though the registry says none are required.

Why it was flagged

The registry metadata under-declares practical requirements that are disclosed elsewhere in the artifacts, such as local git/LaTeX tools and an Overleaf credential file.

Skill content

Required binaries (all must exist): none ... Env var declarations: none ... Primary credential: none

Recommendation

Publisher should declare required binaries and credential expectations in metadata; users should verify git, the chosen LaTeX compiler, and credential setup before use.