Overleaf LaTeX
ReviewAudited by ClawScan on May 14, 2026.
Overview
The skill is coherent for managing Overleaf LaTeX projects, but users should handle its local credential storage and Git push actions carefully.
This skill appears safe for its stated Overleaf workflow if you are comfortable using Git with Overleaf. Use a personal access token instead of your password, avoid plaintext credential storage when possible, review changes before pushing, and treat the optional plugin as separate code to evaluate before installing.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your Overleaf password or token, and possibly Git credentials, may remain on disk and could be misused by someone with access to your machine.
The skill asks users to persist Overleaf account secrets locally and configure Git credential storage. This is expected for Overleaf Git access, but it creates sensitive local credential state.
echo "OVERLEAF_PASSWORD=your_password_or_token" >> ~/.openclaw/.overleaf_credentials ... chmod 600 ~/.openclaw/.overleaf_credentials ... git config --global credential.helper store
Prefer a revocable Overleaf personal access token, keep permissions restricted, consider an OS keychain credential helper instead of plaintext Git storage, and revoke/remove credentials when no longer needed.
If run on the wrong branch or with unintended files, changes could be pushed to Overleaf or branches could be modified.
The skill documents Git commands that mutate a remote Overleaf project. This matches the skill purpose, but these actions can publish or overwrite project changes.
git add -A git commit -m "tailor: resume for Company Name" git push origin resume/company-slug
Review git status and diffs, compile locally as instructed, and confirm the target branch before pushing or deleting branches.
Installing the optional plugin may add executable tool integration beyond what was reviewed here.
The skill recommends an optional external plugin that is not part of the reviewed file manifest. The source is disclosed, but the plugin code is not included in these artifacts.
openclaw plugins install clawhub:@wahajahmed010/openclaw-overleaf
Install the optional plugin only if you trust its publisher/source, and inspect or pin the plugin before granting it access to your projects.