QuiverAI Quickstart
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent QuiverAI API quickstart guide; it uses an API key and installs the QuiverAI SDK as expected, so users should handle the key and package install carefully.
This skill appears safe to use as a quickstart guide. Before following it, confirm you trust the QuiverAI SDK package source, install it in the intended project environment, and keep your QUIVERAI_API_KEY secret because API calls can use your account credits.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who obtains the API key could make QuiverAI requests as the user, and successful requests may consume account credits.
The skill requires a service API key to authenticate requests. This is expected for a QuiverAI API guide, but it gives access to the user's QuiverAI account/API quota.
QuiverAI API使用Bearer认证方式。将密钥保存为 `QUIVERAI_API_KEY`
Use a dedicated, revocable API key if available, store it in a secure environment or secret manager, and never paste the real key into chat logs or source control.
Installing the SDK adds third-party package code to the user's project environment.
The guide asks the user to install an external SDK package without pinning a version. This is normal for an SDK quickstart, but it introduces dependency provenance and version-trust considerations.
npm install @quiverai/sdk
Verify the package name and publisher, prefer a pinned or lockfile-controlled version for projects, and install only in an appropriate development environment.