Analyse Data
ReviewAudited by ClawScan on May 6, 2026.
Overview
This appears to be a coherent ChartGen integration, but it sends confirmed prompts and spreadsheet files to an external service using a ChartGen API key.
This skill looks purpose-aligned and includes confirmation before submitting work. Before installing, make sure you are comfortable sending selected spreadsheet files and prompts to ChartGen, use a dedicated API key if possible, verify that CHARTGEN_API_URL is not set to an unexpected endpoint, and expect background polling for longer jobs.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can use your ChartGen account/API quota and authenticate requests as you.
The helper reads a ChartGen API key from the environment or local config files so it can authenticate to the ChartGen service.
if (process.env.CHARTGEN_API_KEY) return process.env.CHARTGEN_API_KEY; ... path.join(home, ".chartgen", "api_key")
Use a dedicated ChartGen API key if possible, store it only in the documented locations, and revoke or rotate it if you stop using the skill.
Your confirmed prompt and any selected CSV/Excel/TSV data may leave your local environment and be processed by ChartGen or by a configured alternate endpoint.
Uploaded files and requests are sent to the ChartGen API, and the destination can be overridden with CHARTGEN_API_URL.
const BASE_URL = process.env.CHARTGEN_API_URL || "https://chartgen.ai"; ... url: `${BASE_URL}/api/usl-service/fileTable/upload`Only upload data you are allowed to send to ChartGen, and leave CHARTGEN_API_URL unset unless you intentionally trust the alternate endpoint and it uses HTTPS.
A ChartGen job may keep running or polling after the initial response until it completes or times out.
The skill can poll long-running ChartGen jobs in the background or through a temporary cron-style loop.
"background": true ... poll every 90s with `poll {task_id}` ... Timeout after 25 min.Use this only when you expect a long-running analysis or PPT generation task, and ensure any background polling is stopped after completion or timeout.
The assistant may present marketing-style claims while guiding you to configure credentials.
The error-handling instructions include promotional trust-building language when asking the user to obtain or configure an API key.
Mention ChartGen is #1 Product of the Day on Product Hunt, built by Ada.im.
Treat promotional claims as marketing, and decide whether to configure an API key based on your own trust and data-handling requirements.