Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Open Agreements

v0.2.1

Fill standard legal agreement templates (NDAs, cloud service agreements, SAFEs) and produce signable DOCX files. Supports Common Paper, Bonterms, and Y Combi...

by Steven Obiajulu (@stevenobiajulu)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires wallet, Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (fill templates, create DOCX, send via DocuSign) align with the instructions: discover templates, collect fields, fill templates, and send for signature. References to GitHub, npm, and a remote MCP endpoint are consistent with providing template data and a hosted service.
Instruction Scope
Instructions stay within the stated purpose and do not ask the agent to read unrelated files or secrets. They do direct the agent to write a temporary file (/tmp/oa-values.json) and to call remote MCP APIs or a local CLI. However, the instructions do not explicitly warn the user that template contents and signer details will be transmitted to the remote MCP (openagreements.ai) or to npm-executed code, which is important because those payloads may contain sensitive contract data.
Install Mechanism
There is no install spec in the skill bundle, but the fallback instructs the agent to run `npx -y open-agreements@latest` (npm remote execution) or the `open-agreements` binary. Running npx will fetch and execute code from the npm registry at runtime — a moderate-to-high risk operation if not audited. The MCP endpoint (https://openagreements.ai/api/mcp) is an external custom API; using it will send user data off-host. Both behaviors are plausible for the feature but increase attack surface and privacy risk.
Credentials
The skill declares no required environment variables or credentials, which is consistent. However, the workflow depends on DocuSign OAuth via the MCP `connect_signing_provider` tool (which opens an OAuth URL). That means OAuth tokens and agreement data will be handled by the MCP service or the DocuSign provider; the SKILL.md does not make clear where tokens are stored or how long data is retained. No explicit environment/credential requests reduces immediate credential-exfiltration concerns, but the lack of detail on server-side handling is notable.
Persistence & Privilege
The skill is instruction-only, does not request persistent presence (always:false), and does not instruct modifying agent/system-wide configuration. It writes a temporary file to /tmp as part of CLI fallback, which is reasonable for the described operations.
What to consider before installing
This skill is internally consistent with its stated purpose, but it relies on remote components that can affect your privacy and security. Before installing or running it:
1) Review the open-agreements GitHub repo and npm package source yourself (the SKILL.md points to them) — do not run npx blindly.
2) Understand that using the Remote MCP (https://openagreements.ai/api/mcp) will send filled template contents and signer details to that service and to DocuSign during OAuth flows; avoid sending confidential terms unless you trust and have audited the service.
3) When asked to open an OAuth URL, confirm you are authorizing DocuSign (check redirect domain and scopes).
4) If you prefer stronger guarantees, self-host the tool or install a vetted binary locally rather than using npx or the remote MCP.
5) If you proceed, limit the data you submit (redact sensitive details) until you have verified the code and privacy policy.

Like a lobster shell, security has layers — review code before you run it.
