SignNow
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: signnow Version: 1.0.3 The skill provides a standard integration for the SignNow e-signature platform via a managed OAuth gateway (api.maton.ai). The SKILL.md file contains legitimate API documentation and Python/JavaScript code snippets for document management, signature invites, and connection handling, all of which align with the stated purpose. No evidence of data exfiltration, malicious execution, or prompt injection was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could help perform meaningful SignNow actions such as uploading documents or sending signing requests.
The skill documents write-capable SignNow operations that can affect documents and signature workflows, but these operations are central to the stated purpose.
Upload documents, send signature invites, manage templates, and automate e-signature workflows.
Confirm the target document, recipients, and intended effect before approving any create, update, send, or delete operation.
Anyone or any agent with this key may be able to use the connected SignNow integration within the granted scope.
The skill requires a Maton API key that is used to access a connected SignNow account through delegated OAuth.
All requests require the Maton API key in the Authorization header: Authorization: Bearer $MATON_API_KEY
Keep MATON_API_KEY private, use the intended SignNow connection ID when multiple accounts exist, and revoke unused connections or keys.
Sensitive e-signature documents and account operations may be handled by the Maton proxy as part of normal use.
The artifact discloses that SignNow API traffic is routed through Maton, so document data and account requests may pass through that gateway.
Maton proxies requests to `api.signnow.com` and automatically injects your OAuth token.
Use this skill only if you trust Maton for managed OAuth and document proxying, and avoid sending documents that should not transit that service.