Reducto
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: reducto Version: 1.0.1 The 'reducto' skill is a standard integration for the Reducto document processing API, utilizing a proxy service at api.maton.ai. The SKILL.md file provides legitimate documentation and Python/JavaScript code snippets for document parsing, data extraction, and connection management. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found; the skill operates as described by facilitating managed API access to third-party document services.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using the skill is allowing the agent to make Reducto-related API requests with the configured Maton credential.
The skill requires a bearer API key that authorizes calls through Maton, giving the agent delegated access to the connected Reducto integration.
All requests require the Maton API key in the Authorization header: Authorization: Bearer $MATON_API_KEY
Use a dedicated Maton key where possible, keep it secret, and verify the connected Reducto account before processing documents.
Document URLs, extracted data requests, and related metadata may pass through external services during processing.
The skill discloses a gateway/proxy flow where document-processing requests and credentials are handled through Maton and forwarded to Reducto.
Maton proxies requests to `platform.reducto.ai` and automatically injects your API key.
Do not send confidential documents unless you are comfortable with Maton and Reducto handling them under their service terms.
If used carelessly, the agent could modify documents or manage API connections in ways that affect the user's account or outputs.
The skill includes document and connection mutation capabilities, but it also states that create, update, and delete operations must be confirmed with the user.
Parse, extract, split, and edit PDFs/DOCX files. ... All write operations require explicit user approval.
Approve write, edit, create, or delete actions only after checking the target document, connection, and intended effect.