← 返回 Skills 市场
zamedic

Labradoc Cli

作者 Marc Arndt · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
402
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install labradoc-cli
功能描述
Use the Labradoc CLI to authenticate and call Labradoc API endpoints (tasks, files, users, API keys, email, Google/Microsoft integrations, billing) from Open...
使用说明 (SKILL.md)

Labradoc CLI

Labradoc is an AI document intelligence platform that unifies emails, documents, and photos into one searchable system. It provides natural-language search and contextual answers over your own data, supports Gmail and Google Drive integrations, email forwarding, and manual uploads, and emphasizes GDPR-aligned hosting in Germany with strong privacy controls.

Use this skill to operate the labradoc-cli CLI with API token authentication. It covers configuration and every available command.

Install

Get the latest prebuilt binary from the GitHub Releases page, then place it on your PATH:

https://github.com/zamedic/labradoc-cli/releases

Configuration

The CLI sends the API token as the X-API-Key header.

Preferred authentication method: API Token from your Labradoc profile at https://labradoc.eu/profile

Set the token using one of the following (highest wins):

--api-token flag
API_TOKEN env var
labrador.yaml (api_token)

Optional base URL override:

--api-url flag
API_URL env var
labrador.yaml (api_url)

Config file precedence:

labrador.yaml
labrador.\x3CENVIRONMENT>.yaml
ENV vars (dots become underscores)

Global Flags

--api-url     API base URL (default https://labradoc.eu)
--api-token   API token (X-API-Key)
--timeout     HTTP timeout (default 30s)

Authentication (OAuth)

API token auth is preferred, but OAuth is available:

# Login via browser
eval labradoc-cli auth login --api-url https://api.labradoc.eu

# Check auth status
labradoc-cli auth status --api-url https://labradoc.eu

# Get current token
labradoc-cli auth token

# Refresh token
labradoc-cli auth refresh

# Logout
labradoc-cli auth logout

When using OAuth, pass --use-auth-token to API commands instead of --api-token.

Raw Request

labradoc-cli api request /api/tasks --method GET
labradoc-cli api request /api/tasks --method POST --body '{"name":"Example"}'
labradoc-cli api request /api/tasks --method POST --body-file ./payload.json

Tasks

labradoc-cli api tasks list
labradoc-cli api tasks close --id \x3Ctask-id>
labradoc-cli api tasks close --ids \x3Ctask-id> --ids \x3Ctask-id>

Files

labradoc-cli api files list --status New --status completed --page-size 50
labradoc-cli api files upload --file ./document.pdf
labradoc-cli api files get --id \x3Cfile-id>
labradoc-cli api files content --id \x3Cfile-id> --out content.txt
labradoc-cli api files ocr --id \x3Cfile-id> --out ocr.txt
labradoc-cli api files download --id \x3Cfile-id> --out original.pdf
labradoc-cli api files fields --id \x3Cfile-id>
labradoc-cli api files related --id \x3Cfile-id>
labradoc-cli api files reprocess --id \x3Cfile-id>
labradoc-cli api files tasks --id \x3Cfile-id>
labradoc-cli api files image --id \x3Cfile-id> --page 1 --out page-1.png
labradoc-cli api files preview --id \x3Cfile-id> --page 1 --out page-1-preview.png
labradoc-cli api files archive --id \x3Cfile-id>
labradoc-cli api files archive --ids \x3Cfile-id> --ids \x3Cfile-id>
labradoc-cli api files question --id \x3Cfile-id> --body '{"question":"What is the due date?"}'
labradoc-cli api files search --body '{"question":"Find all invoices from Acme"}'

Valid --status values: New, multipart, googleDocument, Check_Duplicate, detectFileType, htmlToPdf, preview, ocr, process_image, embedding, name_predictor, document_type, extraction, task, completed, ignored, error, not_supported, on_hold, duplicated.

Note: files search returns a Server-Sent Events (SSE) stream.

API Keys

labradoc-cli api apikeys list
labradoc-cli api apikeys create --name "CI token" --expires-at 2026-06-01T00:00:00Z
labradoc-cli api apikeys revoke --id \x3Ckey-id>

User

labradoc-cli api user credits
labradoc-cli api user stats
labradoc-cli api user language get
labradoc-cli api user language set --language en

Email

labradoc-cli api email addresses
labradoc-cli api email request --description "Inbound invoices"
labradoc-cli api email list
labradoc-cli api email body --id \x3Cemail-id> --index 1 --out body.eml

Integrations

See references/integrations.md for Google Drive, Gmail, and Microsoft Outlook commands.

Billing (Stripe)

labradoc-cli api stripe checkout
labradoc-cli api stripe pages-checkout
labradoc-cli api stripe webhook --body-file ./stripe-event.json

Wrapper Script

A convenience wrapper is provided at scripts/run-labradoc.sh. It checks that the labradoc-cli binary is on PATH and forwards all arguments:

./scripts/run-labradoc.sh api tasks list

Troubleshooting

Missing token: provide --api-token, API_TOKEN, or api_token in labrador.yaml
401/403: confirm API token and --api-url
安全使用建议
This skill appears to be what it says: a Labradoc CLI client. Before installing or running the binary: 1) verify the binary comes from the official repository and check cryptographic checksums/signatures if available; 2) review the README/SKILL.md and the command list so you understand what data can be uploaded or requested (files upload, file search, API key creation, etc.); 3) note that OAuth uses a local HTTP callback and tokens are stored under ~/.config/labradoc/cli (clear them with 'labradoc auth logout' if needed); 4) be careful if you override --api-url or API_URL — pointing it at an unfamiliar endpoint could send your tokens/data elsewhere; and 5) if you want extra assurance, build the CLI locally from the included source rather than running a prebuilt binary.
功能分析
Type: OpenClaw Skill Name: labradoc-cli Version: 1.0.0 The skill bundle is classified as suspicious due to the broad capabilities of the `labradoc-cli` tool, particularly the `api request` command (implemented in `cmd/api/request.go`). This command allows the AI agent to construct and execute arbitrary HTTP requests, including specifying methods, paths, request bodies (from strings or local files, including stdin), and writing responses to local files. This functionality, while legitimate for a generic CLI, creates a significant prompt injection vulnerability, enabling an attacker to potentially instruct the AI agent to exfiltrate sensitive local files (e.g., `~/.ssh/id_rsa`) to external endpoints or perform unauthorized actions against arbitrary APIs. The `SKILL.md` also contains an `eval` command, which is a risky primitive, though used for a fixed, legitimate OAuth login flow in this context. No evidence of intentional malicious behavior (e.g., hardcoded exfiltration, backdoors) was found in the code, but the inherent capabilities pose a high risk for misuse via prompt injection.
能力评估
Purpose & Capability
Name, description, SKILL.md, README, and the included Go source implement a CLI for Labradoc API operations (tasks, files, auth, integrations, billing). The requested behaviors (API token or OAuth, reading config, storing tokens) are expected for this purpose.
Instruction Scope
SKILL.md instructs downloading the CLI from GitHub Releases and using API token or OAuth; it documents config precedence and commands. The runtime instructions and code only reference API endpoints for Labradoc and local config/token files. The OAuth flow opens a localhost callback (standard) and tokens are stored under the user config directory (~/.config/labradoc/cli), which matches the documentation.
Install Mechanism
No automated install spec in registry; SKILL.md recommends fetching prebuilt binaries from GitHub Releases (https://github.com/zamedic/labradoc-cli/releases). Fetching binaries from GitHub releases is common but users should verify authenticity (checksums/signatures) before running third-party binaries.
Credentials
The skill uses API tokens or OAuth and documents environment variables (API_TOKEN, API_URL, KEYCLOAK_URL, etc.) and config files. The registry metadata lists no required env vars; that is not harmful but means the skill treats those vars as optional overrides. Token storage on disk (~/.config/labradoc/cli/token.json and pkce.json) is expected for OAuth flows.
Persistence & Privilege
The skill does not request permanent 'always' inclusion, does not alter other skills, and only persists its own tokens/config under the user config directory. Autonomous invocation is allowed by default but is not combined with other concerning privileges.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install labradoc-cli
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /labradoc-cli 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of labradoc-cli skill. - Enables authenticated command-line access to the Labradoc API for tasks, files, users, email, API keys, integrations, and billing. - Supports API token and OAuth authentication methods with clear configuration precedence. - Provides commands for document upload, search, processing, and management. - Includes wrappers and troubleshooting guidance for seamless operation. - Detailed usage examples and flag descriptions provided for all major commands.
元数据
Slug labradoc-cli
版本 1.0.0
许可证
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Labradoc Cli 是什么?

Use the Labradoc CLI to authenticate and call Labradoc API endpoints (tasks, files, users, API keys, email, Google/Microsoft integrations, billing) from Open... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 402 次。

如何安装 Labradoc Cli?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install labradoc-cli」即可一键安装,无需额外配置。

Labradoc Cli 是免费的吗?

是的,Labradoc Cli 完全免费(开源免费),可自由下载、安装和使用。

Labradoc Cli 支持哪些平台?

Labradoc Cli 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Labradoc Cli?

由 Marc Arndt(@zamedic)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论