← Back to Skills Marketplace
zamedic

Labradoc Cli

by Marc Arndt · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
402
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install labradoc-cli
Description
Use the Labradoc CLI to authenticate and call Labradoc API endpoints (tasks, files, users, API keys, email, Google/Microsoft integrations, billing) from Open...
README (SKILL.md)

Labradoc CLI

Labradoc is an AI document intelligence platform that unifies emails, documents, and photos into one searchable system. It provides natural-language search and contextual answers over your own data, supports Gmail and Google Drive integrations, email forwarding, and manual uploads, and emphasizes GDPR-aligned hosting in Germany with strong privacy controls.

Use this skill to operate the labradoc-cli CLI with API token authentication. It covers configuration and every available command.

Install

Get the latest prebuilt binary from the GitHub Releases page, then place it on your PATH:

https://github.com/zamedic/labradoc-cli/releases

Configuration

The CLI sends the API token as the X-API-Key header.

Preferred authentication method: API Token from your Labradoc profile at https://labradoc.eu/profile

Set the token using one of the following (highest wins):

--api-token flag
API_TOKEN env var
labrador.yaml (api_token)

Optional base URL override:

--api-url flag
API_URL env var
labrador.yaml (api_url)

Config file precedence:

labrador.yaml
labrador.\x3CENVIRONMENT>.yaml
ENV vars (dots become underscores)

Global Flags

--api-url     API base URL (default https://labradoc.eu)
--api-token   API token (X-API-Key)
--timeout     HTTP timeout (default 30s)

Authentication (OAuth)

API token auth is preferred, but OAuth is available:

# Login via browser
eval labradoc-cli auth login --api-url https://api.labradoc.eu

# Check auth status
labradoc-cli auth status --api-url https://labradoc.eu

# Get current token
labradoc-cli auth token

# Refresh token
labradoc-cli auth refresh

# Logout
labradoc-cli auth logout

When using OAuth, pass --use-auth-token to API commands instead of --api-token.

Raw Request

labradoc-cli api request /api/tasks --method GET
labradoc-cli api request /api/tasks --method POST --body '{"name":"Example"}'
labradoc-cli api request /api/tasks --method POST --body-file ./payload.json

Tasks

labradoc-cli api tasks list
labradoc-cli api tasks close --id \x3Ctask-id>
labradoc-cli api tasks close --ids \x3Ctask-id> --ids \x3Ctask-id>

Files

labradoc-cli api files list --status New --status completed --page-size 50
labradoc-cli api files upload --file ./document.pdf
labradoc-cli api files get --id \x3Cfile-id>
labradoc-cli api files content --id \x3Cfile-id> --out content.txt
labradoc-cli api files ocr --id \x3Cfile-id> --out ocr.txt
labradoc-cli api files download --id \x3Cfile-id> --out original.pdf
labradoc-cli api files fields --id \x3Cfile-id>
labradoc-cli api files related --id \x3Cfile-id>
labradoc-cli api files reprocess --id \x3Cfile-id>
labradoc-cli api files tasks --id \x3Cfile-id>
labradoc-cli api files image --id \x3Cfile-id> --page 1 --out page-1.png
labradoc-cli api files preview --id \x3Cfile-id> --page 1 --out page-1-preview.png
labradoc-cli api files archive --id \x3Cfile-id>
labradoc-cli api files archive --ids \x3Cfile-id> --ids \x3Cfile-id>
labradoc-cli api files question --id \x3Cfile-id> --body '{"question":"What is the due date?"}'
labradoc-cli api files search --body '{"question":"Find all invoices from Acme"}'

Valid --status values: New, multipart, googleDocument, Check_Duplicate, detectFileType, htmlToPdf, preview, ocr, process_image, embedding, name_predictor, document_type, extraction, task, completed, ignored, error, not_supported, on_hold, duplicated.

Note: files search returns a Server-Sent Events (SSE) stream.

API Keys

labradoc-cli api apikeys list
labradoc-cli api apikeys create --name "CI token" --expires-at 2026-06-01T00:00:00Z
labradoc-cli api apikeys revoke --id \x3Ckey-id>

User

labradoc-cli api user credits
labradoc-cli api user stats
labradoc-cli api user language get
labradoc-cli api user language set --language en

Email

labradoc-cli api email addresses
labradoc-cli api email request --description "Inbound invoices"
labradoc-cli api email list
labradoc-cli api email body --id \x3Cemail-id> --index 1 --out body.eml

Integrations

See references/integrations.md for Google Drive, Gmail, and Microsoft Outlook commands.

Billing (Stripe)

labradoc-cli api stripe checkout
labradoc-cli api stripe pages-checkout
labradoc-cli api stripe webhook --body-file ./stripe-event.json

Wrapper Script

A convenience wrapper is provided at scripts/run-labradoc.sh. It checks that the labradoc-cli binary is on PATH and forwards all arguments:

./scripts/run-labradoc.sh api tasks list

Troubleshooting

Missing token: provide --api-token, API_TOKEN, or api_token in labrador.yaml
401/403: confirm API token and --api-url
Usage Guidance
This skill appears to be what it says: a Labradoc CLI client. Before installing or running the binary: 1) verify the binary comes from the official repository and check cryptographic checksums/signatures if available; 2) review the README/SKILL.md and the command list so you understand what data can be uploaded or requested (files upload, file search, API key creation, etc.); 3) note that OAuth uses a local HTTP callback and tokens are stored under ~/.config/labradoc/cli (clear them with 'labradoc auth logout' if needed); 4) be careful if you override --api-url or API_URL — pointing it at an unfamiliar endpoint could send your tokens/data elsewhere; and 5) if you want extra assurance, build the CLI locally from the included source rather than running a prebuilt binary.
Capability Analysis
Type: OpenClaw Skill Name: labradoc-cli Version: 1.0.0 The skill bundle is classified as suspicious due to the broad capabilities of the `labradoc-cli` tool, particularly the `api request` command (implemented in `cmd/api/request.go`). This command allows the AI agent to construct and execute arbitrary HTTP requests, including specifying methods, paths, request bodies (from strings or local files, including stdin), and writing responses to local files. This functionality, while legitimate for a generic CLI, creates a significant prompt injection vulnerability, enabling an attacker to potentially instruct the AI agent to exfiltrate sensitive local files (e.g., `~/.ssh/id_rsa`) to external endpoints or perform unauthorized actions against arbitrary APIs. The `SKILL.md` also contains an `eval` command, which is a risky primitive, though used for a fixed, legitimate OAuth login flow in this context. No evidence of intentional malicious behavior (e.g., hardcoded exfiltration, backdoors) was found in the code, but the inherent capabilities pose a high risk for misuse via prompt injection.
Capability Assessment
Purpose & Capability
Name, description, SKILL.md, README, and the included Go source implement a CLI for Labradoc API operations (tasks, files, auth, integrations, billing). The requested behaviors (API token or OAuth, reading config, storing tokens) are expected for this purpose.
Instruction Scope
SKILL.md instructs downloading the CLI from GitHub Releases and using API token or OAuth; it documents config precedence and commands. The runtime instructions and code only reference API endpoints for Labradoc and local config/token files. The OAuth flow opens a localhost callback (standard) and tokens are stored under the user config directory (~/.config/labradoc/cli), which matches the documentation.
Install Mechanism
No automated install spec in registry; SKILL.md recommends fetching prebuilt binaries from GitHub Releases (https://github.com/zamedic/labradoc-cli/releases). Fetching binaries from GitHub releases is common but users should verify authenticity (checksums/signatures) before running third-party binaries.
Credentials
The skill uses API tokens or OAuth and documents environment variables (API_TOKEN, API_URL, KEYCLOAK_URL, etc.) and config files. The registry metadata lists no required env vars; that is not harmful but means the skill treats those vars as optional overrides. Token storage on disk (~/.config/labradoc/cli/token.json and pkce.json) is expected for OAuth flows.
Persistence & Privilege
The skill does not request permanent 'always' inclusion, does not alter other skills, and only persists its own tokens/config under the user config directory. Autonomous invocation is allowed by default but is not combined with other concerning privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install labradoc-cli
  3. After installation, invoke the skill by name or use /labradoc-cli
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of labradoc-cli skill. - Enables authenticated command-line access to the Labradoc API for tasks, files, users, email, API keys, integrations, and billing. - Supports API token and OAuth authentication methods with clear configuration precedence. - Provides commands for document upload, search, processing, and management. - Includes wrappers and troubleshooting guidance for seamless operation. - Detailed usage examples and flag descriptions provided for all major commands.
Metadata
Slug labradoc-cli
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Labradoc Cli?

Use the Labradoc CLI to authenticate and call Labradoc API endpoints (tasks, files, users, API keys, email, Google/Microsoft integrations, billing) from Open... It is an AI Agent Skill for Claude Code / OpenClaw, with 402 downloads so far.

How do I install Labradoc Cli?

Run "/install labradoc-cli" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Labradoc Cli free?

Yes, Labradoc Cli is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Labradoc Cli support?

Labradoc Cli is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Labradoc Cli?

It is built and maintained by Marc Arndt (@zamedic); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments