Upstage Schema Generation
AdvisoryAudited by Static analysis on May 6, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may use your Upstage API key to call the schema-generation service.
The skill needs a provider API key. This is expected for the Upstage integration, but the registry requirements say no required env vars or primary credential, so users should be aware of the credential use.
**API Key**: `UPSTAGE_API_KEY` environment variable is required.
Use a dedicated, appropriately scoped API key if possible, and avoid exposing the key in prompts, files, or logs.
Documents used for schema generation may be sent to Upstage or processed by an external model.
Default API mode uploads document content to the Upstage endpoint for schema generation. This is disclosed and purpose-aligned, but it means document contents leave the local environment.
POST https://api.upstage.ai/v1/information-extraction/schema-generation ... with open("document.pdf", "rb") as f: b64 = base64.b64encode(f.read()).decode() ... "image_url": {"url": f"data:application/pdf;base64,{b64}"}Only use documents you are permitted to share with the provider, and redact or avoid highly sensitive samples when possible.
If you provide a broad folder, the agent may inspect more documents or pages than you expected.
When a folder is provided, the skill allows the agent to choose how much of it to inspect. This is relevant to schema quality and user-directed, but it is not tightly bounded in the instructions.
Decide autonomously how many files to examine and how many pages per file to read in order to generate the best possible schema.
Provide a narrow folder or explicit file list, and specify any limits on pages or sample count.