Upstage Schema Generation
PassAudited by VirusTotal on May 6, 2026.
Overview
Type: OpenClaw Skill Name: upstage-schema-generation Version: 1.0.0 The skill bundle is a legitimate tool designed to generate JSON schemas for document information extraction using the Upstage API. The provided Python code in SKILL.md and the workflows in the reference files (vlm-workflow.md, schema-design.md) are consistent with the stated purpose, using standard API calls and environment variables for authentication. There is no evidence of malicious intent, data exfiltration to unauthorized endpoints, or prompt injection attacks.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may use your Upstage API key to call the schema-generation service.
The skill needs a provider API key. This is expected for the Upstage integration, but the registry requirements say no required env vars or primary credential, so users should be aware of the credential use.
**API Key**: `UPSTAGE_API_KEY` environment variable is required.
Use a dedicated, appropriately scoped API key if possible, and avoid exposing the key in prompts, files, or logs.
Documents used for schema generation may be sent to Upstage or processed by an external model.
Default API mode uploads document content to the Upstage endpoint for schema generation. This is disclosed and purpose-aligned, but it means document contents leave the local environment.
POST https://api.upstage.ai/v1/information-extraction/schema-generation ... with open("document.pdf", "rb") as f: b64 = base64.b64encode(f.read()).decode() ... "image_url": {"url": f"data:application/pdf;base64,{b64}"}Only use documents you are permitted to share with the provider, and redact or avoid highly sensitive samples when possible.
If you provide a broad folder, the agent may inspect more documents or pages than you expected.
When a folder is provided, the skill allows the agent to choose how much of it to inspect. This is relevant to schema quality and user-directed, but it is not tightly bounded in the instructions.
Decide autonomously how many files to examine and how many pages per file to read in order to generate the best possible schema.
Provide a narrow folder or explicit file list, and specify any limits on pages or sample count.