Security Audit

docusign

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

TRUSTED

Scanned 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

docusign received a trust score of 77/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Potential Command Injection via `base64` filename, Capability to read arbitrary files via `base64`, Potential URL Injection in `{envelope_id}` placeholder.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

71%

Behavioral Risk Signals

Network Access

1 finding

Filesystem Write

3 findings

Shell Execution

3 findings

Dynamic Code

2 findings

Excessive Permissions

2 findings

Security Findings3

Severity	Finding	Layer	Location
HIGH	Potential Command Injection via `base64` filename The skill uses `$(base64 -w0 document.pdf)` to encode a document. If the `document.pdf` filename is derived from untrusted user input without proper sanitization, an attacker could inject arbitrary shell commands. For example, replacing `document.pdf` with `"; evil_command; #"` would lead to the execution of `evil_command`. Ensure that any filename passed to `base64` is strictly validated and sanitized. If the LLM is responsible for generating the filename, it must be instructed to sanitize it by escaping shell metacharacters or using a programmatic file reading approach.	LLM	SKILL.md:22
MEDIUM	Capability to read arbitrary files via `base64` The skill's ability to execute `base64 -w0 <filename>` means it can read and encode the content of any file accessible to the agent. An attacker could craft a prompt to instruct the LLM to read sensitive files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`, or other application configuration files) and potentially exfiltrate their base64-encoded content via the DocuSign API. Restrict the agent's filesystem access to only necessary directories. Implement strict input validation for file paths. Consider using a sandboxed environment for file operations.	LLM	SKILL.md:22
MEDIUM	Potential URL Injection in `{envelope_id}` placeholder The `curl` commands for "Get Envelope Status" and "Download Signed Document" use an `{envelope_id}` placeholder in the URL. If the LLM substitutes this placeholder with untrusted user input without proper URL encoding, an attacker could inject malicious characters or path traversal sequences (e.g., `../`) to access unintended API endpoints or manipulate the request. Instruct the LLM to strictly validate and URL-encode any user-provided input used to fill the `{envelope_id}` placeholder. Ensure the `envelope_id` conforms to expected DocuSign ID formats.	LLM	SKILL.md:34

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/3562e8a666c68785.svg)](https://skillshield.io/report/3562e8a666c68785)