OpenClaw Agreement Sender
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill matches its stated DocuSign purpose, but it can send legal agreements by default after automatic signer-tab assignment, so users should review it carefully before use.
Install only if you are comfortable giving it NanoPDF and DocuSign access. For first use or important agreements, run it with `--status created`, inspect the DocuSign draft and generated JSON files, confirm signer-tab mapping manually, then send from DocuSign after review.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A client agreement could be sent with incorrectly assigned signature tabs if NanoPDF output lacks clear signer keys or if the user expected to review a draft first.
The script defaults to sending the DocuSign envelope and automatically assigns unmatched signature blocks by signer order before posting to DocuSign, without an explicit pre-send confirmation step in the code.
p.add_argument("--status", default="sent", choices=["sent", "created"], help="Envelope status") ... for block in unassigned: signer = signers[signer_idx % len(signers)] ... envelope_result = http_json(... method="POST", payload=docusign_payload ...)
Run with `--status created` by default, review the generated payload and tab placement, and require explicit user approval before sending live envelopes, especially for multi-signer or high-value agreements.
Anyone running the script with these environment variables can use the configured DocuSign account to create or send envelopes.
The skill requires provider credentials that can access NanoPDF and create DocuSign envelopes. This is expected for the integration, but users should understand the account authority being delegated.
Set required variables: ... `NANOPDF_API_KEY` ... `DOCUSIGN_ACCOUNT_ID` ... `DOCUSIGN_ACCESS_TOKEN`
Use least-privileged, short-lived credentials where possible, keep tokens only in environment variables, and avoid running the skill in shared or untrusted environments.
Confidential contract contents and signer names/emails may remain on disk in the output directory after the envelope is created.
The saved DocuSign payload includes signer information and `documentBase64`, meaning the local audit file contains the agreement contents in encoded form.
(out_dir / "docusign_payload.json").write_text(json.dumps(docusign_payload, indent=2), encoding="utf-8")
Store the output directory in a secure location, restrict access, and delete or redact audit files when they are no longer needed.
