Docuseal
v1.0.5Manage DocuSeal e-signature workflows from the terminal via the DocuSeal CLI - create templates from PDF/DOCX/HTML, send documents for signing, track submiss...
⭐ 0· 165·0 current·0 all-time
byAlex Turchyn@alexbturchyn
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (DocuSeal CLI) align with the required binary (docuseal) and the two required env vars (DOCUSEAL_API_KEY, DOCUSEAL_SERVER). These are exactly the kinds of things an e-signature CLI would need. Minor metadata mismatch: the registry shows no primary credential while the SKILL.md declares primaryEnv: DOCUSEAL_API_KEY, which is reasonable but inconsistent metadata.
Instruction Scope
SKILL.md contains explicit CLI usage patterns, examples, and references. Instructions focus on running the docuseal CLI, supplying flags/JSON bodies, and setting the API key/server. There are no directives to read unrelated files, harvest additional env vars, or send data to unexpected endpoints.
Install Mechanism
The registry entry is instruction-only (no platform install spec), but SKILL.md includes an npm install recommendation (package: docuseal). Installing via npm is a common/traceable mechanism; it is moderate risk compared to no install. There are no arbitrary download URLs or archive extracts in the package.
Credentials
Only DOCUSEAL_API_KEY and DOCUSEAL_SERVER are required — both are appropriate and directly tied to service access. The skill does not request unrelated secrets or high counts of credentials. (Note: SKILL.md marks DOCUSEAL_API_KEY as primaryEnv while registry metadata lists no primary credential.)
Persistence & Privilege
The skill is not always-enabled, does not request elevated persistence, and is instruction-only with no system‑wide modifications. Autonomous model invocation is allowed (platform default) but not combined with other red flags.
Assessment
This skill appears coherent for controlling DocuSeal via a CLI. Before installing or using it: 1) verify the docuseal CLI package (npm package name and publisher) and the linked GitHub/source to ensure you trust the binary that will run on your system; 2) provide an API key with least privilege and consider creating a dedicated key/account for automation; 3) double-check DOCUSEAL_SERVER when using a self-hosted URL (ensure it points to your instance, not a third party); and 4) review any emails/recipients you pass to the CLI since the skill will send signature requests. The only minor concerns are metadata inconsistencies (registry vs SKILL.md about install and primaryEnv) — these are not dangerous but you may want to confirm the authoritative install instructions and provenance.Like a lobster shell, security has layers — review code before you run it.
latestvk97ffeyf3ef2hnbf8njcpts0wd84a19w
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📝 Clawdis
Binsdocuseal
EnvDOCUSEAL_API_KEY, DOCUSEAL_SERVER