ChartGen

Pass

Audited by ClawScan on May 1, 2026.

Overview

ChartGen is a coherent charting/data-analysis integration that sends confirmed requests and selected spreadsheets to ChartGen’s API, so users should be comfortable sharing that data with the service.

Before installing, confirm you are comfortable sending selected CSV/Excel files and chart/report prompts to ChartGen. Keep the ChartGen API key scoped to this service, check that any configured ChartGen API URL is expected, and prefer the documented confirmation workflow before uploads.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill can act on the user’s ChartGen account for the submitted analysis tasks.

Why it was flagged

The helper uses a ChartGen API key from the environment or ChartGen-specific config files to authenticate API requests.

Skill content

if (process.env.CHARTGEN_API_KEY) return process.env.CHARTGEN_API_KEY;

Recommendation

Use a service-specific ChartGen API key, avoid placing unrelated tokens in the supported config files, and rotate the key if it is exposed.

What this means

Spreadsheet contents and the confirmed prompt may be sent to ChartGen for processing.

Why it was flagged

Selected spreadsheet files are uploaded to the ChartGen service using the configured API key.

Skill content

url: `${BASE_URL}/api/usl-service/fileTable/upload`, ... Authorization: apiKey

Recommendation

Only submit files and prompts that are appropriate to share with ChartGen, and verify any configured API URL is expected.

Note, High Confidence

ASI10: Rogue Agents

What this means

A ChartGen task may keep running and checking status after the initial request until completion or timeout.

Why it was flagged

The workflow may continue polling in the background after submission, but it is bounded by terminal status and a 25-minute timeout.

Skill content

poll every 90s with `poll {task_id}`. On terminal status (`finished`/`error`/`not_found`), remove cron → STEP 4. Timeout after 25 min.

Recommendation

Use the background polling only for confirmed tasks and ensure any cron-style polling is removed when the task finishes or times out.