QuiverAI Quickstart
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who obtains the API key could make QuiverAI requests as the user, and successful requests may consume account credits.
The skill requires a service API key to authenticate requests. This is expected for a QuiverAI API guide, but it gives access to the user's QuiverAI account/API quota.
QuiverAI API使用Bearer认证方式。将密钥保存为 `QUIVERAI_API_KEY`
Use a dedicated, revocable API key if available, store it in a secure environment or secret manager, and never paste the real key into chat logs or source control.
Installing the SDK adds third-party package code to the user's project environment.
The guide asks the user to install an external SDK package without pinning a version. This is normal for an SDK quickstart, but it introduces dependency provenance and version-trust considerations.
npm install @quiverai/sdk
Verify the package name and publisher, prefer a pinned or lockfile-controlled version for projects, and install only in an appropriate development environment.