SaySigned - Agreement infrastructure for AI agents
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill is clearly about e-signatures, but it lets an agent create, send, and sign legally binding agreements with persistent credentials and without requiring explicit approval for each agreement.
Only install this if you are comfortable giving an agent access to an e-signature service. Before use, require manual approval for each agreement and signature, verify the SaySigned endpoint, protect or revoke the API key if needed, and avoid letting the agent sign contracts unattended.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could create, send, or sign a legally binding agreement without fresh human confirmation for the specific contract, recipient, and signature.
The skill explicitly permits autonomous signing workflow actions while describing the service as legally binding e-signature infrastructure. That is high-impact authority without a visible requirement for per-agreement human approval.
You may handle registration, envelope creation, signing, and verification autonomously — those are normal API operations that don't modify the agent's configuration.
Require explicit user approval before every envelope creation, send, decline, or signature, and show the exact contract text, recipients, signer identity, and legal effect before proceeding.
Anyone or any agent process with access to the configured key may be able to act through the SaySigned account until the key is removed or revoked.
The skill instructs the agent to obtain and persist a live API key in MCP configuration. For a service that can create and send legal agreements, this is powerful delegated authority, and the visible artifact does not describe scopes, revocation, or least-privilege limits.
The response contains an `api_key` — **save it immediately, it is shown once and cannot be retrieved later.** ... "Authorization": "Bearer ss_live_PASTE_YOUR_ACTUAL_KEY_HERE"
Store the key only in an approved secret store or protected config, use the least-privileged key available, document how to revoke it, and avoid enabling unattended legal actions.
Contract text, recipient details, and authorization credentials may be sent to the remote SaySigned MCP/API service as part of normal use.
The skill relies on a remote MCP endpoint that receives the user's authorization header and mediates API calls. This is disclosed and purpose-aligned, but it means sensitive legal workflow data and credentials pass through the provider's MCP service.
**MCP Endpoint:** `https://mcp.saysigned.com` ... MCP clients send `Authorization: Bearer <api_key>`. The MCP server extracts your key and forwards it as `X-API-Key` internally.
Use only for agreements and recipient data you are willing to share with the provider, verify the endpoint, and review the provider's privacy and retention terms.
Users must trust the remote service implementation because no local code was provided for review.
The registry metadata provides limited provenance, while the skill directs users to configure a remote MCP service. This is not inherently unsafe, but users should verify the publisher and endpoint before granting authority.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Confirm the official SaySigned domain, documentation, and account ownership before adding the MCP server or storing an API key.
