Is signnow safe?
https://clawhub.ai/byungkyu/signnow
The signnow skill is a legitimate SignNow e-signature API integration that routes requests through Maton's OAuth gateway. It contains no malicious code, no obfuscation, no install-time exploits, and no canary file access. The primary risks are inherent to its functionality: it normalizes the agent reading local files and uploading them to external services, transmits API credentials to a third-party proxy, and provides email-sending capabilities — all of which are standard for an e-signature integration but create data egress pathways that users should be aware of.
Findings (8)
MEDIUM (-15) Inline Python code blocks intended for agent execution
The skill contains numerous Python heredoc code blocks designed to be executed by the agent via shell. While these are standard API client examples and don't contain malicious logic, they normalize the agent running Python code that makes HTTP requests to external endpoints from skill instructions.
MEDIUM (-10) API key sent to third-party gateway
All API requests route through gateway.maton.ai and ctrl.maton.ai, sending the user's MATON_API_KEY to these third-party endpoints on every request. Users should understand their credentials are shared with Maton's infrastructure.
MEDIUM (-15) Document exfiltration via legitimate API
The skill provides capabilities to read local files and upload them to an external service, and to send email invites to arbitrary addresses. While this is the intended functionality of an e-signature tool, it creates a data egress pathway that could be abused.
LOW (-10) Cross-skill reference to api-gateway
The skill description references another skill by URL, which could chain skill activations and expand the agent's attack surface.
LOW (-10) Document upload capability to external service
The skill provides code to upload local files to SignNow via Maton's gateway, representing a data egress pathway for potentially sensitive documents.
LOW (-7) Environment variable access normalization
The skill instructs the agent to read and transmit the MATON_API_KEY environment variable, normalizing env var access patterns.
INFO (0) No install scripts, git hooks, or submodules
The skill contains no executable installation artifacts. Its structure is clean, consisting only of SKILL.md, _meta.json, LICENSE.txt, and origin.json.
INFO (0) All honeypot files intact
No canary files were accessed or modified during the skill installation process.