ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Nota Sign

v1.0.2

Send files for e-signature with Nota Sign. Use for requests to send an envelope, initiate signing, send a signing link, configure Nota Sign credentials, or s...

0· 10·0 current·0 all-time
by@notasign
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: the script performs signing, token generation, file upload, and envelope creation against Nota Sign endpoints. The requested credential set (appId, appKey/private key, userCode, serverRegion, environment) is appropriate for this integration and appears necessary for cryptographic signing and API access.
Instruction Scope
SKILL.md clearly limits actions to reading the specified file/attachment or URL, validating file type/size, reading/writing a nota sign config at ./notasign-config.json or ~/.notasign/config.json, and invoking the bundled script. There are no instructions to read unrelated system files or environment variables. The script does read local files for upload and writes its own config file — behavior that aligns with its stated purpose.
Install Mechanism
There is no persistent install spec (instruction-only), which is low-risk. The runtime instructions use npx to transiently fetch node@20 and tsx if the local Node.js is older than 18; that requires network access to npm and pulls third-party packages at runtime. This is expected for the provided fallback but increases runtime network trust surface.
Credentials
No environment variables are declared, and none are required. The skill asks the user to supply and store a Base64 PKCS#8 private key (appKey) and other credentials in a local config file — this is proportionate to the need to sign requests, but these are sensitive secrets. The documentation recommends protecting the file (chmod 600); storing long-lived private keys on disk is expected here but should be considered sensitive.
Persistence & Privilege
The skill is not always-included and is user-invocable. It writes only its own config file (~/.notasign/config.json or ./notasign-config.json) and does not request system-wide privileges or modify other skills. Autonomous invocation is allowed (platform default) but not combined with other concerning privileges.
Assessment
This skill appears to do exactly what it claims: send documents to Nota Sign and manage Nota Sign credentials. If you plan to install it, be aware it will ask you for and store sensitive credentials (including a Base64 PKCS#8 private key) in ~/.notasign/config.json or a local override. Protect that file (e.g., chmod 600) and only provide PROD credentials if you trust the skill and its source. The script may transiently download node@20 and tsx from npm if your Node version is older than 18 — ensure outbound access to npm is acceptable. If you need higher assurance, review the full scripts/send_envelope.ts contents locally before entering secrets or run the skill in an isolated environment.
scripts/send_envelope.ts:457
Environment variable access combined with network send.
!
scripts/send_envelope.ts:226
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk979r0besyxy9xest0xk1jr51d841nb4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Nota Sign

Use this skill when the user wants to send a supported file for signature through Nota Sign.

Supported tasks

  • Send a supported local file, uploaded attachment, or URL for signature
  • Collect one or more signer names and emails
  • Initialize Nota Sign credentials on first use
  • Update or replace existing credentials when the user explicitly asks
  • Send in PROD or UAT environment

Inputs

Collect only the missing fields.

Required to send:

  • file path, uploaded attachment path, or URL
  • at least one signer with userName and userEmail

Supported file formats:

  • doc, docx, pdf, xls, xlsx, bmp, png, jpg, jpeg

Size limit:

  • local files and uploaded attachments must be <= 100MB

Optional:

  • subject Default to the file name when the user does not provide one.

Required only when config is missing or the user asks to reconfigure:

  • appId
  • appKey as Base64 PKCS#8 RSA private key
  • userCode
  • serverRegion in CN | AP1 | AP2 | EU1
  • environment in PROD | UAT Default to PROD.

Important:

  • PROD and UAT require separate credential sets
  • do not assume a PROD appId, appKey, userCode, or serverRegion can be reused in UAT
  • do not assume a UAT appId, appKey, userCode, or serverRegion can be reused in PROD
  • if the user switches environments, treat it as a full reconfiguration and collect the full target-environment credential set

Workflow

  1. Check whether ./notasign-config.json exists; if not, check ~/.notasign/config.json.
  2. If config is missing, ask only for the missing credential fields and write the config file.
  3. If the user wants to switch between PROD and UAT, do not only flip environment. Collect the full target-environment values for appId, appKey, userCode, and serverRegion, then rewrite the config.
  4. Validate the file input before sending:
    • local path must exist, or
    • uploaded attachment must resolve to a real local file path, or
    • remote input must start with http:// or https://
  5. Validate the file type against the supported list: doc, docx, pdf, xls, xlsx, bmp, png, jpg, jpeg.
  6. Reject local files and uploaded attachments larger than 100MB.
  7. If the user uploaded a supported file in chat, treat it as a valid file input when the client exposes a real attachment path. If no real path or URL is available, ask the user for the original file path or a URL instead of guessing.
  8. Normalize signer input into JSON:
[{"userName":"Alice","userEmail":"alice@example.com"}]
  1. Check the local Node.js major version before execution.
  2. If node exists and the major version is 18+, run:
npx tsx scripts/send_envelope.ts --file "PATH_OR_URL" --signers '[{"userName":"Alice","userEmail":"alice@example.com"}]' --subject "Optional subject"
  1. If local Node.js is missing or below 18, temporarily download node@20 and tsx for this run only:
npx -y -p node@20 -p tsx -c 'tsx scripts/send_envelope.ts --file "PATH_OR_URL" --signers '"'"'[{"userName":"Alice","userEmail":"alice@example.com"}]'"'"' --subject "Optional subject"'
  1. Use the same fallback pattern for init:
npx -y -p node@20 -p tsx -c 'tsx scripts/send_envelope.ts init'
  1. On success, return the envelope ID and basic send summary.
  2. On failure, surface the exact validation or API error and state the next required action.

Config File

The shared config normally lives at ~/.notasign/config.json. The script also supports a local override at ./notasign-config.json.

Write the config in this shape:

{
  "appId": "your_app_id",
  "appKey": "base64_pkcs8_private_key",
  "userCode": "your_user_code",
  "serverRegion": "AP1",
  "environment": "PROD"
}

Notes:

  • environment is optional and defaults to PROD
  • the config stores one environment's credential set at a time
  • switching from PROD to UAT, or from UAT to PROD, requires replacing appId, appKey, userCode, and serverRegion with the target environment's values
  • do not switch environments by editing only the environment field
  • do not echo secrets back to the user after writing the config
  • do not overwrite an existing config unless the user asks to change credentials
  • if the temporary runtime fallback is needed, it requires network access to npm

Response Style

  • Ask concise follow-up questions only for missing information.
  • Prefer one grouped question instead of several small questions.
  • Do not ask for subject if the file name is good enough.
  • Do not invent emails, file paths, or credential values.
  • Keep credentials and private keys out of normal responses.
  • Prefer the direct scripts/send_envelope.ts command with a runtime check instead of inventing wrappers or extra helper files.
  • For user-uploaded files, prefer the attachment's real local path when available. If the attachment exists only as visual context and no path is available, ask for the original file path or URL.
  • Reject unsupported file types and local or attachment files above 100MB before trying to send.

Examples

This skill should trigger for requests like:

English:

  • "Send this file for signature with Nota Sign"
  • "Send the file I just uploaded to Daniel with Nota Sign"
  • "Use Nota Sign UAT to send this document to two signers"

Chinese:

  • "用 Nota Sign 发个信封给 Daniel,附件是 contract.pdf"
  • "把我刚上传的文件用 Nota Sign 发给 Daniel"
  • "帮我发起电子签署"

Files

3 total
Select a file
Select a file to preview.

Comments

Loading comments…