74
/ 100
1 day ago
official

shahdadk/swiftsign

E-signatures for agents: mint a sandbox key, send PDFs, track status, download the sealed result.

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
⚠️
Tool annotations don’t match behaviour
1 read-only tool performs write/delete/exec — swiftsign_download_signed_pdf (line 441: writeFile(target, buffer))
No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.
🔐
You'll be asked for 2 credentials: DOCUSIGN_INTEGRATION_KEY, SWIFTSIGN_API_KEY
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
🔐 secretDOCUSIGN_INTEGRATION_KEY
configDOCUSIGN_REDIRECT_PORT
🔐 secretSWIFTSIGN_API_KEY"": "sk_your_api_key"
configSWIFTSIGN_API_URL
configSWIFTSIGN_URL
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 5 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/shahdadk-swiftsign-1s6j2b)](https://m8ven.ai/mcp/shahdadk-swiftsign-1s6j2b)
commit: 65e8a631b1988c99ea7b6a37e0df8b2d9bbf3610
code hash: 4c6fa19f4b03b0f52ceabc8a7cc4b237e1a4476feec7c000ee3a00a4908e3621
verified: 7/9/2026, 10:01:40 AM
view raw JSON →