Hey, I recently got a strange email from the @plugin.surf domain. It seems like someone apart from OpenAI has all the information about my plugin and also other ChatGPT plugins. The data also includes info about my API YAML data. So I am concerned about how and why this happened.
Turns out ChatGPT can generate the API YAML definitions with 100% correctness.
Somehow plugin.surf also has my hosted URL.
I mean, you posted a plugin publicly to a marketplace of plugins. Are you surprised that, in a community highly clustered on entrepreneurial data scrapers, someone made a nice searchable database of available plugins? Especially considering how awful the marketplace that’s built into ChatGPT is.
What security risk do you anticipate? If you put non-public information in a manifest file then yes, there is, but it’s not OpenAI’s fault, it’s yours for not understanding what you were signing up for. These are inherently public documents.
I don’t see how this is relevant. In fact, it makes it even more obvious to me that someone in the community would scrape and create a nicer presentation of all the plugins. The site you’ve linked to is a boon, not a security risk. The security risk is you putting non-public info in an API manifest.
You’ve produced an API. Application. Programming. Interface.
Yes, the application you intend to use it with is ChatGPT. However, any app that understands the very simple, very standard, JSON-based protocol can use it too. If you want to prevent that, you should include OAuth or some other authentication scheme. However, even if you do that, you still need a manifest file. That is, again, necessarily public.
Probably do a bit more research before you dive into things like this with your private data next time.
To be perfectly clear, not just to you but to anyone else who reads this: if you’ve made a plugin, you are hosting, at a minimum, publicly accessible files at <hostname.chucklefluck>/.well-known/ai-plugin.json and a YAML or JSON manifest linked to from that JSON file. These are easily accessible from the OpenAI marketplace because your “legal”/“usage” documents are linked to from the marketplace, and almost all of the plugins I have used have hosted their .well-known directories on the same domain.
This is not a bad thing. Unless you’ve put private information into those files. If you have done so, take down your plugins, remove that information, and resubmit. If you want to keep your email private but need to have an email in your manifests, make a new email and forward it to yourself. If you’ve put private keys in there or something else insane like that, those keys are burnt, have been scraped by everyone and your mum, and I hope they don’t key into the big red buttons. Change everything that they access to disallow those keys, and practice better… I want to say security but really it’s just common sense.
As I said though, the fact that these are public is not a bad thing. It’s kind of the point. How else is ChatGPT supposed to access them? If you thought you were making something private, well you put a link to that “private” thing on one of the most popular websites in the world, so good luck with that. Again, common sense here guys.
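The posts above describe what a plugin author is publishing (the ai-plugin.json manifest, the OpenAPI spec it links to, the contact email) and what should never be in there (credentials). Below is an added example, not code from this thread or from plugin.surf, of a small audit script that parses a manifest the way any scraper could and reports what is public by design, whether the API accepts unauthenticated callers, and whether any field looks like a leaked secret. The sample manifest, the example.invalid hostname and the "x-notes"/"x-deploy" fields are constructed for illustration; the manifest shape follows the documented ai-plugin.json format, and the secret-value patterns are a small heuristic set, not an exhaustive scanner.

```python
"""Audit an ai-plugin.json manifest for information that should not be public.

Added example: not code from the forum thread or from plugin.surf.
SAMPLE_MANIFEST is constructed; example.invalid is a placeholder host.
"""
import json
import re

# Constructed sample manifest. The "x-notes" and "x-deploy" fields stand in
# for the kind of private data a developer might mistakenly stuff in here.
SAMPLE_MANIFEST = r'''
{
  "schema_version": "v1",
  "name_for_human": "Example Todo",
  "name_for_model": "todo",
  "description_for_human": "Manage a todo list.",
  "description_for_model": "Plugin for managing a TODO list.",
  "auth": { "type": "none" },
  "api": { "type": "openapi", "url": "https://example.invalid/openapi.yaml" },
  "logo_url": "https://example.invalid/logo.png",
  "contact_email": "alice.personal@example.invalid",
  "legal_info_url": "https://example.invalid/legal",
  "x-notes": "staging key sk-abcdefghijklmnopqrstuvwxyz123456, do not share",
  "x-deploy": { "db_password": "hunter2" }
}
'''

# Field names that should never appear in a public document.
SECRET_KEY_NAMES = re.compile(r"(password|passwd|secret|private|api[_-]?key)", re.I)

# Heuristic patterns for credential-looking values (assumed prefixes).
SECRET_VALUE_PATTERNS = [
    re.compile(r"\bsk-[A-Za-z0-9]{20,}"),            # OpenAI-style API key
    re.compile(r"\bAKIA[0-9A-Z]{16}\b"),             # AWS access key id
    re.compile(r"\bgh[pousr]_[A-Za-z0-9]{30,}"),     # GitHub token
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),  # PEM private key
]


def _walk(obj, path=""):
    """Yield (dotted_path, leaf_value) for every leaf in a JSON structure."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            yield from _walk(value, f"{path}.{key}" if path else key)
    elif isinstance(obj, list):
        for i, value in enumerate(obj):
            yield from _walk(value, f"{path}[{i}]")
    else:
        yield path, obj


def audit_manifest(text):
    """Parse a manifest and return what is public, the auth type, and findings."""
    manifest = json.loads(text)
    findings = []

    auth_type = manifest.get("auth", {}).get("type", "none")
    if auth_type == "none":
        findings.append("auth.type is 'none': any HTTP client that reads this "
                        "manifest can call the API, not only ChatGPT")

    # These URLs are public by design; a directory site can harvest them.
    public_urls = [manifest.get("api", {}).get("url"),
                   manifest.get("logo_url"),
                   manifest.get("legal_info_url")]
    public_urls = [u for u in public_urls if u]

    if manifest.get("contact_email"):
        findings.append(f"contact_email is published: {manifest['contact_email']}")

    for path, value in _walk(manifest):
        if path.startswith("auth.verification_tokens"):
            continue  # issued for the manifest itself; expected to be here
        leaf_name = path.rsplit(".", 1)[-1]
        if SECRET_KEY_NAMES.search(leaf_name):
            findings.append(f"field name looks like a secret: {path}")
            continue
        if isinstance(value, str) and any(p.search(value) for p in SECRET_VALUE_PATTERNS):
            findings.append(f"value looks like a credential: {path}")

    return {"auth_type": auth_type, "public_urls": public_urls, "findings": findings}


if __name__ == "__main__":
    report = audit_manifest(SAMPLE_MANIFEST)
    print("auth type:", report["auth_type"])
    for url in report["public_urls"]:
        print("public URL:", url)
    for finding in report["findings"]:
        print("finding:", finding)
```

Run it against your own manifest by reading the file instead of SAMPLE_MANIFEST. Anything reported under "looks like a credential" or "looks like a secret" should be treated as already leaked: rotate it, then remove it from the manifest and resubmit, as the post above says.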
First of all, kudos to you for making sure your software is secure. It is a responsibility of every developer but not everyone takes this responsibility seriously!
My intention for the plugin directory is to provide a transparent, trustworthy and easy to use resource of publicly available data.
@chrstfer has already provided the technical perspective; it indeed is not a “data leak” but rather an act of documentation. It’s just how internet systems work. I can recommend this OpenAI doc about auth schemas if you are concerned about someone abusing your public API.
Hope that helps! Please feel free to reach out to me directly at rafal at plugin dot surf if you have any further questions about how your plugin data is handled.
Sorry for being so flamey by the way, I just don’t like seeing good creators get called into question. That site is awesome, and @rafal was kind enough even to email you that you were being listed there. That’s not a “strange” email, it’s just… nice. He didn’t have to do that haha.
Hope this gives you some perspective @JohnVersus, and if you have any further questions I’m sure someone here, myself or Rafal or anyone else can explain further.