← Back to Skills Marketplace

Signable

Name: Signable
Author: gora050

by Vlad Ursul · GitHub ↗ · v1.0.3 · MIT-0

cross-platform ⚠ suspicious

234

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install signable

Description

Signable integration. Manage Documents, Templates, Users, Teams. Use when the user wants to interact with Signable data.

Usage Guidance

This skill appears to do what it says: it uses the Membrane CLI to talk to Signable. Before installing or using it, consider: (1) Review the @membranehq/cli package and its repository (supply-chain risk with npm packages); prefer using npx or an isolated environment instead of npm -g. (2) Understand that signing in hands Signable access tokens to Membrane — only proceed if you trust Membrane and/or use an account with limited permissions. (3) Avoid running global installs on sensitive machines; run commands in a container or VM if you want to isolate risk. (4) Verify the Membrane privacy/security documentation (and the connector configuration) if you need to ensure tokens aren’t retained or used beyond expected scope. Overall the skill is internally consistent, but trust in the third-party Membrane service and the npm package is the primary remaining consideration.

Capability Analysis

Type: OpenClaw Skill Name: signable Version: 1.0.3 The skill provides instructions for the agent to install a global npm package (@membranehq/cli) and use the Membrane platform to interact with Signable. It involves high-risk capabilities such as global software installation, remote authentication flows, and the dynamic creation and execution of remote 'actions' (RCE-as-a-service). While these behaviors are aligned with the stated purpose of the integration, the reliance on external CLI installation and remote code execution constitutes a significant attack surface and meets the criteria for a suspicious classification (SKILL.md).

Capability Tags

requires-walletrequires-sensitive-credentials

Capability Assessment

✓ Purpose & Capability

The name/description say 'Signable integration' and the instructions consistently use Membrane to connect to Signable, discover and run actions. Required capabilities (network access, Membrane account, Membrane CLI) match the stated purpose; there are no unrelated credentials, binaries, or config paths requested.

✓ Instruction Scope

SKILL.md limits runtime steps to installing/using the Membrane CLI, logging in, creating a Signable connection, listing/creating/running actions, and polling for build state. It does not instruct the agent to read arbitrary local files, access unrelated env vars, or exfiltrate data to unexpected endpoints. It does require interactive browser-based login or a headless login code, which is appropriate for this pattern.

ℹ Install Mechanism

This is an instruction-only skill (no install spec). It recommends installing @membranehq/cli via 'npm install -g' (or using npx). Installing npm packages globally carries normal supply-chain risk (npm packages run arbitrary code at install/runtime). This is proportionate to the task but worth auditing: prefer using npx or installing in an isolated environment if you want to reduce risk.

✓ Credentials

The skill declares no required environment variables or local credentials. Auth is delegated to Membrane (browser-based or headless code flow). The only sensitive element is that users will grant Membrane access to their Signable account — that is expected but requires trust in Membrane's custody of tokens.

✓ Persistence & Privilege

always is false and the skill does not request persistent system-wide changes or modify other skills. Autonomous invocation is allowed (default) but that is normal; nothing in the skill requests elevated or always-on privileges.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install signable
After installation, invoke the skill by name or use /signable
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.3

Auto sync from membranedev/application-skills

v1.0.2

Revert refresh marker

v1.0.1

Refresh update marker

v1.0.0

Auto sync from membranedev/application-skills

Metadata

Slug signable

Version 1.0.3

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 4

Frequently Asked Questions

What is Signable?

Signable integration. Manage Documents, Templates, Users, Teams. Use when the user wants to interact with Signable data. It is an AI Agent Skill for Claude Code / OpenClaw, with 234 downloads so far.

How do I install Signable?

Run "/install signable" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Signable free?

Yes, Signable is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Signable support?

Signable is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Signable?

It is built and maintained by Vlad Ursul (@gora050); the current version is v1.0.3.

More Skills