ClawHub

OpenKM Document Management

v1.0.1

OpenKM Document Management via REST API (folders, documents, metadata, versioning, search, workflows)

5· 1.4k·2 current·2 all-time
by@pes0
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (OpenKM REST) match the provided CLI (openkm_cli.py) and the declared env vars (OPENKM_BASE_URL, OPENKM_USERNAME, OPENKM_PASSWORD). Requested binaries (python) and API endpoints in SKILL.md align with a REST-based OpenKM client; nothing unrelated is requested.
Instruction Scope
SKILL.md instructs the agent to call the included Python CLI to perform folder, document, metadata, versioning, search, and workflow operations against the user-provided OpenKM base URL. The instructions only reference local file paths for upload/download and the OpenKM service; they do not direct the agent to read unrelated system files or exfiltrate data to third-party endpoints.
Install Mechanism
There is no install spec — the skill is instruction-only and ships a Python script to be executed. No external archives or downloads are fetched at install time. This is low-risk from an install-mechanism perspective.
Credentials
The three required env vars are proportionate to a REST client. Small inconsistencies: the code imports the third-party 'requests' library but the manifest does not declare this dependency, so runtime may fail if 'requests' is absent. README/SKILL.md mention an optional OPENKM_DEBUG env var which is not listed in requires.env (non-sensitive). Otherwise credentials requested (username/password) are appropriate for the stated purpose.
Persistence & Privilege
The skill is user-invocable and not forced-always; it does not request persistent system-wide config changes or access to other skills' credentials. Autonomous invocation is allowed (platform default) but the skill does not request elevated privileges beyond reading/writing local files for upload/download and calling the configured OpenKM endpoint.
Assessment
This skill appears to do what it says: run the included Python CLI against your OpenKM server. Before installing: (1) only provide OpenKM credentials for an account with the minimum necessary permissions (avoid full admin if not required); (2) ensure the runtime has the Python 'requests' package installed or the CLI will fail; (3) host the skill in a controlled environment (or sandbox) because it will execute a bundled Python script and will read/write local files you point it at; (4) use HTTPS for OPENKM_BASE_URL and validate the server certificate; (5) if you need stricter controls, review the openkm_cli.py source yourself — it is short and straightforward — and consider pinning the script to a vetted release or running it in a restricted container.

Like a lobster shell, security has layers — review code before you run it.

latestvk978jyn7zc1dx72t4hs0p60hd580qwczlatest OpenKM openkm Document Management Rest API Document Versioningvk978jyn7zc1dx72t4hs0p60hd580qwczlatest openkm Document Management Rest API Versioning Checkoutvk978jyn7zc1dx72t4hs0p60hd580qwcz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📁 Clawdis
Binspython
EnvOPENKM_BASE_URL, OPENKM_USERNAME, OPENKM_PASSWORD
Primary envOPENKM_BASE_URL

Comments