Signable
v1.0.2Signable integration. Manage Documents, Templates, Users, Teams. Use when the user wants to interact with Signable data.
⭐ 0· 101·0 current·0 all-time
byVlad Ursul@gora050
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill declares Signable integration and its instructions consistently use the Membrane CLI and Membrane-managed connections to interact with Signable. There are no unrelated environment variables, binaries, or config paths requested.
Instruction Scope
The SKILL.md is explicit about installing and using the Membrane CLI, creating connections, listing actions, running actions, and using a proxy command to send arbitrary Signable API requests. Allowing arbitrary proxied requests is expected for a connector but does give the agent the capability to craft arbitrary API calls via Membrane — this is coherent with the purpose but worth noting.
Install Mechanism
There is no formal install spec, but the instructions tell users to run a global npm install (@membranehq/cli -g). Instructing users to install a package from the public npm registry is common and coherent here, but global npm installs carry moderate risk (supply-chain / provenance); the skill itself does not auto-download code.
Credentials
The skill requests no env vars or credentials and explicitly advises against collecting API keys locally, instead relying on Membrane to manage auth. Requiring a Membrane account and network access is proportional to the stated functionality.
Persistence & Privilege
always is false and the skill does not request persistent/system-wide changes. No instructions modify other skills or agent-wide config beyond using the Membrane CLI for connections.
Assessment
This skill is instruction-only and coherent: it expects you to install and use the Membrane CLI and to create a Membrane connection to your Signable account (auth happens in your browser). Before installing or using it: verify the Membrane CLI package and publisher on npm (or use npx to avoid a global install), confirm the getmembrane.com and repository links are legitimate, and be comfortable granting Membrane access to your Signable account (review their privacy/security docs). Do not enter Signable API keys into the skill — follow the connection flow. If you need extra caution, test with a least-privilege or sandbox Signable account first.Like a lobster shell, security has layers — review code before you run it.
latestvk97esfxmceg2k61hg4w8b0zahh842118
License
MIT-0
Free to use, modify, and redistribute. No attribution required.