Back to skill
Skillv1.0.1
VirusTotal security
SaySigned - Agreement infrastructure for AI agents · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:15 AM
- Hash
- c8e181efc03211e3e1d0ee8c2357bfcd9f75157507991f6f77d5fa3cdf043abb
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: saysigned Version: 1.0.1 The OpenClaw AgentSkills skill bundle for SaySigned appears benign. The `SKILL.md` documentation is comprehensive, clearly outlining the purpose and usage of the e-signature service. Crucially, it includes explicit instructions for the AI agent to require human approval for sensitive operations like modifying MCP client configuration, storing API keys, restarting the MCP client, and initiating billing upgrades (by showing the `checkout_url`). This strong emphasis on human-in-the-loop for critical actions significantly mitigates prompt injection risks. There is no evidence of intentional malicious behavior, data exfiltration to unauthorized endpoints, persistence mechanisms, or obfuscation. The `webhook_url` parameter, while a potential vector for data exfiltration if an attacker could inject a malicious URL, is a standard feature and the skill itself does not instruct its misuse; it's a vulnerability risk if the agent is compromised, not malicious intent from the skill developer.
- External report
- View on VirusTotal