Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Overleaf

v1.2.0

Access Overleaf projects via CLI. Use for reading/writing LaTeX files, syncing local .tex files to Overleaf, downloading projects, managing Overleaf project...

by Eason Chen (@easonc13)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (Overleaf CLI access, read/write/sync/accept invites) matches the included instructions and the small helper script. Requiring browser cookies / keychain access is proportionate for a tool that authenticates via a logged-in browser session.
Instruction Scope
SKILL.md instructs the agent to use pyoverleaf, read browser cookies (via OS keychain) and to programmatically accept Overleaf invites using the site's endpoints. These actions are within the stated feature set, but reading browser cookies and accepting invites are sensitive operations — the doc calls this out but the agent could perform invite acceptance autonomously if allowed.
Install Mechanism
No install spec in the registry (instruction-only). The README/SKILL.md recommend installing pyoverleaf via pipx (PyPI) — a standard distribution channel. This is expected for a Python CLI; the install risk is moderate and typical for such a skill.
Credentials
The skill requests no environment variables or other credentials, which is consistent. However, it relies on access to browser cookies/keychain (macOS keychain 'Always Allow' is explicitly mentioned). That is sensitive (gives access to authenticated Overleaf session cookies) and should be considered before granting access.
Persistence & Privilege
always is false and there are no special persistence or system-wide config changes. The skill can be invoked autonomously (platform default), which combined with cookie access could let the agent accept invites or sync files without manual interaction — expected for the feature set but worth user caution.
Assessment
This skill does what it says: it uses the pyoverleaf client and your browser session (cookies stored in OS keychain) to list, read, write, download, and accept Overleaf project invites. Before installing:
(1) Review the pyoverleaf GitHub source and recent releases yourself (the SKILL.md claims an audit of v0.1.7 but you should verify the version you install).
(2) Test pyoverleaf locally by running pyoverleaf ls to trigger the keychain prompt so you see what permissions are requested.
(3) On shared machines, avoid granting global 'Always Allow' keychain access; consider using a separate browser profile or machine for Overleaf automation.
(4) If you do not want the agent to autonomously accept invites or push edits, keep autonomous invocation disabled for this skill or limit its permissions.
(5) Monitor Overleaf's history/audit after first runs and revoke sessions or change passwords if you see unexpected activity.

Like a lobster shell, security has layers — review code before you run it.

latestvk978h17etmkegcx0422b3mrx6182z315
