ClawHub

Pandadoc mcp

Use PandaDoc integration context for documents, templates, recipients, proposals, and document status. Use after Maverick connects PandaDoc and provisions runtime OAuth credentials; this skill has no provider-owned MCP manifest registered in this repository yet.

Audits

Pass
ClawScanPass

Agentic behavior and permission review.

Static analysisPass

Pattern checks against bundled files.

VirusTotalPass

Multi-engine malware detections and file reputation.

Install

openclaw skills install maverick-pandadoc-mcp

PandaDoc

Quick start

This skill has the shared mcporter wrapper scripts, but no skill-local mcporter.json is registered for PandaDoc yet. Do not call bash {baseDir}/scripts/invoke.sh until a provider MCP manifest is added. In current runtime, inspect the available PandaDoc tools first, then use the smallest read path that can identify the document, template, recipient, proposal, or status target.

When a PandaDoc MCP manifest is added, follow the same wrapper rule as Linear: invoke through bash {baseDir}/scripts/invoke.sh, never call mcporter directly, and discover tool schemas before choosing tool names.

Safety

Write operations that create, send, update, complete, delete, or modify documents, templates, recipients, proposals, or document status can affect customer-visible signing workflows. Confirm clear user intent before invoking write tools, and read current document/template state before making changes.

Authentication

Tokens are provisioned and rotated automatically. If available runtime tools return HTTP 401 that doesn't recover within a few seconds, the OAuth grant has been revoked — re-authorize the integration to refresh credentials.

Data flow

No provider-owned PandaDoc MCP endpoint is registered in this repository yet. Runtime tool calls, if present in the active OpenClaw environment, use Maverick-provisioned OAuth credentials and expose PandaDoc document, template, recipient, proposal, and status data to the active tool provider. Use this skill for PandaDoc-related work only; do not pass unrelated sensitive content through these tools.

Dependencies

  • mcporter (github.com/steipete/mcporter) — MCP CLI used by the shared wrapper once a PandaDoc MCP manifest exists. Auto-installed via npm install -g --ignore-scripts mcporter if missing on PATH (see install spec in frontmatter). The install spec uses unpinned mcporter (npm latest); operators with strict supply-chain controls should override the install to pin a specific version (e.g. mcporter@<version>).
  • jq (stedolan.github.io/jq) — JSON processor used by the vault initializer. System dependency; install via your OS package manager (apt install jq, brew install jq, etc.).
  • flock (part of util-linux) — file locking used to serialize concurrent vault writes. Available by default on Linux; on macOS install via brew install flock.
  • shasum (Perl, ships with Digest::SHA) — computes the SHA-256 hashes used to derive the mcporter vault key and the provisioned-token marker. Preinstalled on macOS and on Debian/Ubuntu (incl. the deployed cloudflare/sandbox Ubuntu 22.04 image); on minimal Linux images install perl-Digest-SHA. The script invokes shasum -a 256 rather than GNU sha256sum so it runs on stock macOS without coreutils.