chatdoc-studio-api

Security checks across malware telemetry and agentic risk

Overview

This is legitimate ChatDOC API documentation, but it needs review because it handles sensitive remote document workflows and includes unsafe bulk app-deletion examples.

Review before installing if you might use this with production ChatDOC accounts or sensitive files. Treat uploads, prompts, retrieval queries, conversations, and extracted outputs as data sent to a third-party service. Do not let an agent run the deletion examples without explicit approval, a dry-run list of exact app IDs, backups or recovery planning, and confirmation that the account token is scoped appropriately.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (17)

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding: The skill instructs users to upload documents to a third-party API for multiple workflows but does not disclose privacy, retention, or sensitive-data handling considerations. This can lead users to transmit confidential or regulated documents externally without informed consent or appropriate safeguards.

Missing User Warnings

Severity: Low
Confidence: 90%
Finding: The authentication guidance shows use of a bearer API key and environment variables but omits basic credential safety guidance such as keeping keys out of source control, prompts, client-side code, and logs. This increases the chance of accidental key exposure and unauthorized API use.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The documentation instructs users to upload source documents and submit them to an Agent App service, but it does not clearly warn that document contents will be transmitted to and processed by a remote service. This can lead users to send sensitive or regulated data without informed consent, increasing privacy, compliance, and data-handling risk in a document-processing context.

Missing User Warnings

Severity: High
Confidence: 93%
Finding: This workflow normalizes bulk deletion of apps based only on age, with no confirmation, dry-run mode, allowlist, or ownership checks beyond whatever the API token already permits. In an agent skill context, users may copy or automate this pattern, creating a realistic risk of mass irreversible destruction of production assets through overly broad criteria.

Missing User Warnings

Severity: High
Confidence: 93%
Finding: The TypeScript management workflow performs automated bulk deletion of apps older than 90 days without human approval or protective controls. In a skill intended to guide agent/app development, this creates a dangerous copy-paste pattern that could lead to large-scale irreversible deletion when run with a valid team API key.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding: The documentation enables conversation history and message retrieval features but does not warn users that chat contents may be retained and later accessible through history APIs. In a chat application handling potentially sensitive user prompts and model outputs, this omission can lead to accidental storage and exposure of private data to app operators or other authorized API consumers.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The streaming schema exposes a `reasoning_content` field without any warning or restriction guidance. Internal reasoning fields can contain sensitive prompts, hidden chain-of-thought, policy logic, retrieved snippets, or other confidential context that should not be surfaced to end users or downstream clients by default.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The documentation instructs users to upload documents to the extraction service but does not explicitly warn that document contents are transmitted to and processed by a remote service. This can lead users to submit sensitive PDFs or Office documents without understanding the privacy, confidentiality, or compliance implications, especially in enterprise or regulated environments.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The examples explicitly upload local files such as invoices and documents to a remote third-party API, but the documentation does not warn users that local content will leave their machine and may contain sensitive data. In documentation for agent skills, this omission is a real security/privacy issue because users may run examples on production files without understanding the transmission and retention implications.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding: The documentation instructs users to upload PDFs and retrieve extracted content but does not disclose that documents and their parsed contents are transmitted to and retained by a third-party service. This can cause users to send sensitive or regulated data without informed consent, creating privacy, confidentiality, and compliance risk, especially for enterprise or personal documents.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The examples explicitly demonstrate uploading local PDF files to a third-party remote API, but they do not warn users that full document contents leave the local system. In documentation for a parser API this behavior is expected, but the absence of a clear disclosure can still cause accidental transmission of sensitive or regulated documents.

Missing User Warnings

Severity: Low
Confidence: 86%
Finding: The examples write downloaded Markdown and Excel outputs directly to user-specified paths without warning that existing files may be created or overwritten. This is a mild safety issue because users may inadvertently replace local files or save parsed sensitive content to insecure locations.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The examples repeatedly instruct users to send authenticated requests containing app IDs, source/upload IDs, and natural-language retrieval queries to a third-party API, but do not clearly warn that document metadata and user prompts are transmitted off-system. In a RAG/content-retrieval context, those queries often contain sensitive business or personal information, so the omission can lead to unintended data disclosure by users who assume examples are local-only.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding: The documentation instructs users to upload team documents for storage and downstream parsing without warning that uploaded content may contain sensitive or regulated data. This omission can lead users to send confidential files to the service without considering data handling, retention, access control, or compliance implications, increasing the risk of unintended disclosure or policy violations.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The examples repeatedly instruct users to upload local files to a third-party API but do not include any warning about privacy, sensitivity, consent, or data handling implications. In documentation for file-upload workflows, this omission can lead users to unknowingly transmit confidential documents, making this a genuine security/privacy weakness in the skill content.

External Transmission

Severity: Medium
Category: Data Exfiltration
Content (excerpt flagged by the scanner):
"retrieval_token_length": retrieval_token_length,
    }

    response = requests.post(url, headers=headers, json=data)
    response.raise_for_status()
    return response.json()["data"]
Confidence: 90%
Finding: requests.post(url, headers=headers, json=

External Transmission

Severity: Medium
Category: Data Exfiltration
Content (excerpt flagged by the scanner):
}
```

### cURL

```bash
# Basic retrieval
Confidence: 91%
Finding: cURL ```bash # Basic retrieval curl -X POST "${CHATDOC_STUDIO_BASE_URL}/rag/apps/abc123/retrieval" \ -H "Authorization: Bearer ${CHATDOC_STUDIO_API_KEY}" \ -H "Content-Type: application/json" \

VirusTotal

65/65 vendors flagged this skill as clean.