Upstage Studio

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Upstage integration skill whose external document processing behavior is visible and aligned with its stated purpose, though users should treat uploads and publishing actions carefully.

Install or use this only if you intend to send documents and derived outputs to Upstage’s API. Avoid confidential, regulated, or secret-containing documents unless that processing is approved for your use case; clean up uploaded files/jobs when appropriate; and require explicit confirmation before publishing agents publicly, deleting resources, or cloning historical jobs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (14)

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill instructs writing outputs to system temporary paths by default and to always print absolute paths, but does not warn the user that files will be created locally. This can expose sensitive document contents or extracted data to other local users, logging systems, or later processes that inspect temp directories.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The examples show uploading user documents and sending extracted content to a third-party API without any accompanying warning about external data transmission, retention, or sensitivity handling. In a document-processing skill, this can cause users to unknowingly transmit invoices or other sensitive files to a remote service, creating privacy, confidentiality, and compliance risks.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The publishing workflow includes changing agent visibility to public but does not warn that this may expose agent metadata or configurations beyond the user's private workspace. Without an explicit notice and confirmation step, users may unintentionally publish internal assets or make organizational workflows discoverable.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation explicitly supports `file_url` ingestion, which causes the service to fetch external content on behalf of the user, and separately notes a 7-day cache TTL for identical file/settings combinations. In a document-processing skill, these behaviors create real privacy and security risks if users are not clearly warned that remote URLs may trigger server-side fetches and that uploaded/derived results may be retained and reused from cache for several days.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation instructs users to send document files to remote preset agents for parsing and generation but does not warn that document contents will be transmitted to an external service and may contain sensitive or regulated data. In a document-processing skill, this omission can lead users to upload confidential files without informed consent or appropriate data-handling review.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill promotes automatic analysis of document contents to generate schemas and classification categories, but it does not advise users to review documents for sensitive information before processing. Because the feature is specifically designed to infer structure and meaning from uploaded content, it increases the chance that confidential information is exposed to third-party processing without adequate review.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documented automatic chaining behavior causes outputs from prior steps (parse, classify, extract, instruct) to be forwarded as context to later LLM steps by default. In a document-processing skill, this creates a real data-flow risk because sensitive document contents and extracted fields may be reused or disclosed to downstream steps without explicit user awareness, consent, or per-step minimization.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# 1. Upload file
curl -X POST https://api.upstage.ai/v2/files \
  -H "Authorization: Bearer $UPSTAGE_API_KEY" \
  -F "file=@invoice.pdf" \
  -F "purpose=user_data"
```
Confidence
94% confidence
Finding
```bash
curl -X POST https://api.upstage.ai/v2/files \
  -H "Authorization: Bearer $UPSTAGE_API_KEY" \
  -F "file=@invoice.pdf" \
  -F "purpose=user_data"
# → {"id": "file_xxx", ...}
# 2. Create Agent
curl -
```

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# 1. Upload file
curl -X POST https://api.upstage.ai/v2/files \
  -H "Authorization: Bearer $UPSTAGE_API_KEY" \
  -F "file=@invoice.pdf" \
  -F "purpose=user_data"
```
Confidence
94% confidence
Finding
https://api.upstage.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
}'

# 4. Run Job
curl -X POST https://api.upstage.ai/v2/responses \
  -H "Authorization: Bearer $UPSTAGE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
91% confidence
Finding
https://api.upstage.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
-H "Authorization: Bearer $UPSTAGE_API_KEY"

# 6. List results
curl "https://api.upstage.ai/v2/agents/agt_xxx/jobs?include[]=output:extract" \
  -H "Authorization: Bearer $UPSTAGE_API_KEY"
```
Confidence
86% confidence
Finding
https://api.upstage.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Full clone with Jobs
curl -X POST https://api.upstage.ai/v2/agents \
  -H "Authorization: Bearer $UPSTAGE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"name": "cloned", "clone": {"agent_id": "agt_src", "with_jobs": true}}'
```
Confidence
84% confidence
Finding
https://api.upstage.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
-d '{"name": "cloned", "clone": {"agent_id": "agt_src", "with_jobs": true}}'

# Clone specific Config + source only
curl -X POST https://api.upstage.ai/v2/agents \
  -H "Authorization: Bearer $UPSTAGE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"name": "filtered-clone", "clone": {"agent_id": "agt_src", "with_jobs": true, "config_id": "cfg_xxx", "source": "studio"}}'
```
Confidence
84% confidence
Finding
https://api.upstage.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
}'

# 2. Publish a specific config
curl -X PUT https://api.upstage.ai/v2/agents/agt_xxx/visibility \
  -H "Authorization: Bearer $UPSTAGE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
95% confidence
Finding
https://api.upstage.ai/

VirusTotal

63/63 vendors flagged this skill as clean.