wesign-mcp-server
by GalSened
Overview
The WeSign MCP Server enables AI assistants to manage digital signature workflows, documents, templates, and user administration with the WeSign platform.
Installation
npx wesign-mcp-serverEnvironment Variables
- WESIGN_API_URL
- WESIGN_EMAIL
- WESIGN_PASSWORD
- WESIGN_PERSISTENT
- API_KEY
- PORT
Security Notes
The server has critical security vulnerabilities if exposed publicly. The `wesign_download_document` tool allows a user-controlled `savePath` parameter, enabling potential directory traversal and arbitrary file write if not rigorously sanitized by the AI. Similarly, `wesign_upload_document` and `wesign_create_document_collection` read local files via `filePath`, posing an information disclosure risk if an attacker can control this path. The `docker-compose.yml` and configuration guides contain real-looking example credentials ('nirk@comsign.co.il', 'Comsign1!'), which is a bad practice as users might deploy them directly. Debug logging in `wesign-client.ts` includes full request/response data, which could expose sensitive information (e.g., passwords in login requests) in logs during production if not properly redacted.
Similar Servers
google-docs-mcp
Allows AI assistants to programmatically interact with Google Docs, Sheets, and Drive for document management, editing, formatting, and file organization.
nutrient-dws-mcp-server
Integrates Nutrient DWS Processor API with AI assistants for powerful PDF document processing, including digital signing, editing, OCR, and redaction.
mcp-server-atlassian-jira
Connects AI assistants to Jira projects, issues, and workflows to enable natural language interaction for project management and issue tracking.
mcp-server-atlassian-confluence
Connects AI assistants to Atlassian Confluence knowledge bases, enabling natural language interaction to query, search, and manage Confluence content.