docusign-automation

The skill description is functionally correct for DocuSign automation and contains no overt malicious code. Primary security concern is the supply-chain/trust model: the required Rube MCP (https://rube.app/mcp) mediates OAuth and all DocuSign API traffic, concentrating sensitive tokens, document contents, and envelope operations in a third-party service. Before using this toolkit, verify the MCP operator's trustworthiness, request minimal OAuth scopes, confirm token retention and audit policies, and prefer hosting/tooling where you control credential storage or can review the actual toolkit implementation. If those controls cannot be validated, treat this integration as a moderate security risk for sensitive documents.