dropbox-sign

Integrates Dropbox Sign API for electronic signatures, enabling seamless document signing workflows and status tracking.

Install this skill

22/100

Security score

The dropbox-sign skill was audited on May 16, 2026 and we found 26 security issues across 2 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 25

Curl to non-GitHub URL

SourceSKILL.md

25	curl -s "https://api.hellosign.com/v3/account" -u "$DROPBOX_SIGN_TOKEN:" \| jq '.account \| {account_id, email_address, quotas, callback_url}'

medium line 35

Curl to non-GitHub URL

SourceSKILL.md

35	curl -s -X POST "https://api.hellosign.com/v3/signature_request/send" -u "$DROPBOX_SIGN_TOKEN:" -F "title=NDA Agreement" -F "subject=Please sign this NDA" -F "message=Please review and sign at your ea

medium line 43

Curl to non-GitHub URL

SourceSKILL.md

43	curl -s -X POST "https://api.hellosign.com/v3/signature_request/send" -u "$DROPBOX_SIGN_TOKEN:" -F "title=NDA Agreement" -F "subject=Please sign" -F "signers[0][email_address][email protected]" -F "

medium line 51

Curl to non-GitHub URL

SourceSKILL.md

51	curl -s -X POST "https://api.hellosign.com/v3/signature_request/send_with_template" -u "$DROPBOX_SIGN_TOKEN:" -F "template_ids[0]=<template-id>" -F "subject=Please sign this contract" -F "signers[Clie

medium line 61

Curl to non-GitHub URL

SourceSKILL.md

61	curl -s "https://api.hellosign.com/v3/signature_request/<signature-request-id>" -u "$DROPBOX_SIGN_TOKEN:" \| jq '.signature_request \| {signature_request_id, title, is_complete, is_declined, signatures:

medium line 69

Curl to non-GitHub URL

SourceSKILL.md

69	curl -s "https://api.hellosign.com/v3/signature_request/list?page=1&page_size=20" -u "$DROPBOX_SIGN_TOKEN:" \| jq '{list_info, requests: [.signature_requests[] \| {signature_request_id, title, is_comple

medium line 79

Curl to non-GitHub URL

SourceSKILL.md

79	curl -s -X POST "https://api.hellosign.com/v3/signature_request/cancel/<signature-request-id>" -u "$DROPBOX_SIGN_TOKEN:"

medium line 89

Curl to non-GitHub URL

SourceSKILL.md

89	curl -s -X POST "https://api.hellosign.com/v3/signature_request/remind/<signature-request-id>" -u "$DROPBOX_SIGN_TOKEN:" -F "[email protected]" \| jq '.signature_request \| {signature_req

medium line 99

Curl to non-GitHub URL

SourceSKILL.md

99	curl -s "https://api.hellosign.com/v3/signature_request/files/<signature-request-id>?file_type=pdf" -u "$DROPBOX_SIGN_TOKEN:" --output /tmp/signed_document.pdf

medium line 107

Curl to non-GitHub URL

SourceSKILL.md

107	curl -s "https://api.hellosign.com/v3/signature_request/files/<signature-request-id>?get_url=1&file_type=pdf" -u "$DROPBOX_SIGN_TOKEN:" \| jq '{file_url, expires_at}'

medium line 115

Curl to non-GitHub URL

SourceSKILL.md

115	curl -s "https://api.hellosign.com/v3/template/list?page=1&page_size=20" -u "$DROPBOX_SIGN_TOKEN:" \| jq '{list_info, templates: [.templates[] \| {template_id, title, message, signer_roles: [.signer_rol

medium line 121

Curl to non-GitHub URL

SourceSKILL.md

121	curl -s "https://api.hellosign.com/v3/template/<template-id>" -u "$DROPBOX_SIGN_TOKEN:" \| jq '.template \| {template_id, title, message, signer_roles: [.signer_roles[].name], custom_fields: [.custom_fi

medium line 141

Webhook reference - potential data exfiltration

SourceSKILL.md

141	6. Poll `GET /signature_request/{id}` or configure a callback URL. The API supports webhook callbacks for `signature_request_signed`, `signature_request_all_signed`, etc. — far cheaper than pollin

low line 8

External URL reference

SourceSKILL.md

8	If requests fail, run `zero doctor check-connector --env-name DROPBOX_SIGN_TOKEN` or `zero doctor check-connector --url https://api.hellosign.com/v3/account --method GET`

low line 25

External URL reference

SourceSKILL.md

25	curl -s "https://api.hellosign.com/v3/account" -u "$DROPBOX_SIGN_TOKEN:" \| jq '.account \| {account_id, email_address, quotas, callback_url}'

low line 35

External URL reference

SourceSKILL.md

35	curl -s -X POST "https://api.hellosign.com/v3/signature_request/send" -u "$DROPBOX_SIGN_TOKEN:" -F "title=NDA Agreement" -F "subject=Please sign this NDA" -F "message=Please review and sign at your ea

low line 43

External URL reference

SourceSKILL.md

43	curl -s -X POST "https://api.hellosign.com/v3/signature_request/send" -u "$DROPBOX_SIGN_TOKEN:" -F "title=NDA Agreement" -F "subject=Please sign" -F "signers[0][email_address][email protected]" -F "

low line 51

External URL reference

SourceSKILL.md

51	curl -s -X POST "https://api.hellosign.com/v3/signature_request/send_with_template" -u "$DROPBOX_SIGN_TOKEN:" -F "template_ids[0]=<template-id>" -F "subject=Please sign this contract" -F "signers[Clie

low line 61

External URL reference

SourceSKILL.md

61	curl -s "https://api.hellosign.com/v3/signature_request/<signature-request-id>" -u "$DROPBOX_SIGN_TOKEN:" \| jq '.signature_request \| {signature_request_id, title, is_complete, is_declined, signatures:

low line 69

External URL reference

SourceSKILL.md

69	curl -s "https://api.hellosign.com/v3/signature_request/list?page=1&page_size=20" -u "$DROPBOX_SIGN_TOKEN:" \| jq '{list_info, requests: [.signature_requests[] \| {signature_request_id, title, is_comple

low line 79

External URL reference

SourceSKILL.md

79	curl -s -X POST "https://api.hellosign.com/v3/signature_request/cancel/<signature-request-id>" -u "$DROPBOX_SIGN_TOKEN:"

low line 89

External URL reference

SourceSKILL.md

89	curl -s -X POST "https://api.hellosign.com/v3/signature_request/remind/<signature-request-id>" -u "$DROPBOX_SIGN_TOKEN:" -F "[email protected]" \| jq '.signature_request \| {signature_req

low line 99

External URL reference

SourceSKILL.md

99	curl -s "https://api.hellosign.com/v3/signature_request/files/<signature-request-id>?file_type=pdf" -u "$DROPBOX_SIGN_TOKEN:" --output /tmp/signed_document.pdf

low line 107

External URL reference

SourceSKILL.md

107	curl -s "https://api.hellosign.com/v3/signature_request/files/<signature-request-id>?get_url=1&file_type=pdf" -u "$DROPBOX_SIGN_TOKEN:" \| jq '{file_url, expires_at}'

low line 115

External URL reference

SourceSKILL.md

115	curl -s "https://api.hellosign.com/v3/template/list?page=1&page_size=20" -u "$DROPBOX_SIGN_TOKEN:" \| jq '{list_info, templates: [.templates[] \| {template_id, title, message, signer_roles: [.signer_rol

low line 121

External URL reference

SourceSKILL.md

121	curl -s "https://api.hellosign.com/v3/template/<template-id>" -u "$DROPBOX_SIGN_TOKEN:" \| jq '.template \| {template_id, title, message, signer_roles: [.signer_roles[].name], custom_fields: [.custom_fi

Scanned on May 16, 2026

View Security Dashboard

Installation guide →

GitHub Stars 60

Rate this skill

Categorysales

UpdatedMay 20, 2026

openclaw api customer-success-manager sales-operations business-development sales

vm0-ai/vm0-skills