ChartGen
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: chartgen
Version: 1.0.22
The ChartGen skill is a standard integration for a data visualization service. The tool 'tools/chartgen_api.js' implements file uploads and API polling using Node.js built-ins, featuring reasonable security practices such as file-extension whitelisting (.csv, .xlsx, etc.) and path sanitization to prevent traversal when saving artifacts. The 'SKILL.md' instructions explicitly require the AI agent to obtain user confirmation before submitting any data, which acts as a safeguard against accidental or unauthorized data transmission.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can act on the user’s ChartGen account for the submitted analysis tasks.
The helper uses a ChartGen API key from the environment or ChartGen-specific config files to authenticate API requests.
if (process.env.CHARTGEN_API_KEY) return process.env.CHARTGEN_API_KEY;
Use a service-specific ChartGen API key, avoid placing unrelated tokens in the supported config files, and rotate the key if it is exposed.
Spreadsheet contents and the confirmed prompt may be sent to ChartGen for processing.
Selected spreadsheet files are uploaded to the ChartGen service using the configured API key.
url: `${BASE_URL}/api/usl-service/fileTable/upload`, ... Authorization: apiKey
Only submit files and prompts that are appropriate to share with ChartGen, and verify any configured API URL is expected.
A ChartGen task may keep running and checking status after the initial request until completion or timeout.
The workflow may continue polling in the background after submission, but it is bounded by terminal status and a 25-minute timeout.
poll every 90s with `poll {task_id}`. On terminal status (`finished`/`error`/`not_found`), remove cron → STEP 4. Timeout after 25 min.
Use the background polling only for confirmed tasks and ensure any cron-style polling is removed when the task finishes or times out.
