overleaf
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill employs a dedicated command-line utility,
olcli, to manage LaTeX projects, including cloning repositories and triggering cloud compilations.\n- [EXTERNAL_DOWNLOADS]: The skill installs theolclitool from the author's official repositories (npm package@aloth/olcliand Homebrew tapaloth/tap) and downloads project files from Overleaf's servers during operation.\n- [DATA_EXFILTRATION]: The skill synchronizes local LaTeX files and assets with Overleaf's remote servers using thepushandsynccommands, which is the intended behavior for project management.\n- [CREDENTIALS_UNSAFE]: The skill manages Overleaf session cookies (overleaf_session2) for authentication. These credentials are provided by the user and stored in local configuration files or environment variables to enable the CLI to interact with the Overleaf API.
Audit Metadata