Pandadoc mcp
Pass
Audited by ClawScan on May 10, 2026.
Overview
The skill is a coherent PandaDoc OAuth/MCP integration with no malicious behavior found, but it handles sensitive PandaDoc credentials and data and uses an unpinned mcporter dependency.
Before installing, confirm that you trust the Maverick/OpenClaw runtime and the active PandaDoc tool provider with your PandaDoc documents and OAuth access. Consider pinning the mcporter package version, protecting the local mcporter credential vault, and approving only clearly requested write actions such as sending, updating, or deleting documents.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used carelessly, the agent could change or send PandaDoc documents in ways visible to customers or recipients.
The skill acknowledges that PandaDoc tools may perform high-impact account mutations, while also instructing the agent to get clear user intent first.
Write operations that create, send, update, complete, delete, or modify documents, templates, recipients, proposals, or document status can affect customer-visible signing workflows. Confirm clear user intent before invoking write tools
Only allow write actions after reviewing the target document/template and explicitly confirming the action with the user.
Installing or enabling the skill gives the agent access through PandaDoc OAuth credentials provisioned by Maverick.
The skill requires OAuth credential environment variables for PandaDoc. This is expected for the integration, but it grants access to the user's PandaDoc account data and actions.
"MAVERICK_PANDADOC_MCP_REFRESH_TOKEN", "MAVERICK_PANDADOC_MCP_CLIENT_ID", "MAVERICK_PANDADOC_MCP_ACCESS_TOKEN"
Use a PandaDoc authorization with the minimum needed account privileges and revoke the integration if it is no longer needed.
Anyone or anything with access to that local credential file may be able to use the PandaDoc OAuth tokens.
The initializer writes the supplied access and refresh tokens into a local mcporter credential file. This is normal OAuth wrapper behavior, but it creates persistent local credential material.
mcp_vault="${HOME}/.mcporter/credentials.json" ... tokens: {access_token: env.mcp_access, refresh_token: env.mcp_refresh, token_type: "Bearer"}
Keep the runtime home directory protected, avoid sharing the mcporter credential vault, and rotate/revoke tokens if the environment is compromised.
Future npm package changes could affect the behavior of the installed mcporter CLI.
The skill depends on an external npm package installed at the latest version. The artifact discloses this and recommends pinning for stricter controls.
Auto-installed via `npm install -g --ignore-scripts mcporter` if missing on PATH ... The install spec uses unpinned `mcporter` (npm `latest`)
Pin mcporter to a reviewed version in controlled environments.
PandaDoc document and workflow data may be processed by the active MCP/tool provider for the integration.
The data flow to the active tool provider is disclosed and purpose-aligned, but it involves sensitive PandaDoc business data and the repository does not include a provider-owned PandaDoc MCP manifest.
Runtime tool calls, if present in the active OpenClaw environment, use Maverick-provisioned OAuth credentials and expose PandaDoc document, template, recipient, proposal, and status data to the active tool provider.
Use the skill only for PandaDoc-related tasks and avoid sending unrelated sensitive content through the tools.
