← 返回 Skills 市场

Nota Sign

Name: Nota Sign
Author: notasign

作者 notasign · GitHub ↗ · v1.0.1 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install notasign

功能描述

Send files for e-signature with Nota Sign. Use for requests to send an envelope, initiate signing, send a signing link, configure Nota Sign credentials, or s...

安全使用建议

This skill appears coherent for sending documents via Nota Sign, but consider the following before installing: 1) The script will store sensitive credentials (private key, appId, userCode) in a local config file — protect ~/.notasign/config.json (chmod 600) and avoid storing unrelated secrets there. 2) The fallback runtime temporarily downloads Node/tsx from npm when needed; that requires network access and fetches packages at runtime. 3) When the agent constructs npx command lines with user-supplied file paths or JSON signer strings, ensure inputs are sanitized to avoid shell/argument injection. 4) Confirm you trust the Nota Sign endpoints listed in the code (openapi-*.notasign.* / openapi-*.uat.notasign.*) before uploading sensitive documents. If you want higher assurance, run the provided script locally in a controlled environment first and inspect the full script output and network calls.

功能分析

Type: OpenClaw Skill Name: notasign Version: 1.0.1 The 'notasign' skill is a legitimate integration for the Nota Sign e-signature service, allowing users to send documents for signing via local files or URLs. The core logic in `scripts/send_envelope.ts` implements standard API authentication using RSA-SHA256 signatures and JWTs, with configuration stored locally in `~/.notasign/config.json`. While it includes a runtime fallback that uses `npx` to fetch `node@20` for compatibility, this behavior is documented and aligned with the skill's functional requirements. No evidence of data exfiltration, malicious execution, or prompt injection was found.

能力评估

✓ Purpose & Capability

Name/description (send files for e-signature with Nota Sign) match the included code and SKILL.md. The script validates files, constructs signatures, obtains tokens, uploads files, and calls Nota Sign endpoints. Required credentials are the Nota Sign appId/appKey/userCode/region, which are appropriate for this integration and are stored in local config files (./notasign-config.json or ~/.notasign/config.json).

ℹ Instruction Scope

Instructions are narrowly scoped to reading local files or URLs, collecting signer info, storing Nota Sign credentials in a local config, and invoking the TypeScript script. It explicitly instructs not to echo secrets. Note: the runtime uses shell-invoked npx commands with JSON and file path arguments — if the agent or caller interpolates untrusted values into those command-line arguments, there is a risk of argument/command injection or accidental leakage. Also the script will transmit file contents and credentials to external Nota Sign API endpoints as expected for its purpose.

ℹ Install Mechanism

No persistent install spec; the skill is instruction-plus-script. The SKILL.md uses npx/tsx and includes a fallback that temporarily downloads node@20 and tsx from npm when local Node.js is older than 18. That is coherent for running a TypeScript script but does require network access to npm for the fallback and pulls runtime packages for the single run.

✓ Credentials

No unrelated environment variables or registry-declared secrets are requested. The only secrets are Nota Sign credentials (appKey is a Base64 PKCS#8 private key) which the skill legitimately needs to sign requests and obtain access tokens. Those are stored in local config files rather than environment variables.

✓ Persistence & Privilege

The skill does not request always:true, does not modify other skills, and only writes its own config at ./notasign-config.json or ~/.notasign/config.json. Autonomous invocation is allowed (platform default) but not excessive for this integration.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install notasign
安装完成后，直接呼叫该 Skill 的名称或使用 /notasign 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.1

- Expanded skill description and usage instructions for broader scenarios, including sending files, credentials setup, environment switching (PROD/UAT), and attachment handling. - Enforced file type and size validation (accepts doc, docx, pdf, xls, xlsx, bmp, png, jpg, jpeg; size ≤ 100MB). - Added detailed credential management: requires new credentials for each environment, does not reuse between PROD/UAT. - Clear user-facing prompts for missing info; improved handling of uploaded files and signer details. - Runtime fallback now temporarily installs node@20 if local Node.js is below 18, ensuring compatibility. - Enhanced error reporting and summary responses on envelope send.

v1.0.0

- Initial release of notasign skill. - Provides full API integration with Nota Sign electronic signature platform. - Supports envelope management, document upload, and automated signing workflows. - Prompts user for configuration and signing information as needed.

元数据

Slug notasign

版本 1.0.1

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 2

常见问题

Nota Sign 是什么？

Send files for e-signature with Nota Sign. Use for requests to send an envelope, initiate signing, send a signing link, configure Nota Sign credentials, or s... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 93 次。

如何安装 Nota Sign？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install notasign」即可一键安装，无需额外配置。

Nota Sign 是免费的吗？

是的，Nota Sign 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Nota Sign 支持哪些平台？

Nota Sign 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Nota Sign？

由 notasign（@notasign）开发并维护，当前版本 v1.0.1。