QVerisAI
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may call a wide range of QVeris-discovered external tools when a user request appears relevant.
This documents a broad dynamic tool-execution gateway. It is the stated purpose of the skill, but users should notice the breadth before allowing autonomous calls.
Search and execute dynamic tools via QVeris API... covers weather, search, stocks, finance, economics, geolocation, AIGC, news, social media, health data, and thousands more.
For sensitive, costly, or high-impact tasks, ask the agent to show the selected tool and parameters before execution.
Anyone using the skill must trust QVeris with the API key and any usage charged to that key.
The script reads the QVeris API key from the environment and sends it as a bearer token to QVeris. This is expected for the integration, and the code does not show reads of other environment variables.
const key = process.env.QVERIS_API_KEY; ... Authorization: `Bearer ${apiKey}`Use a scoped, revocable QVeris API key, monitor usage, and rotate the key if you suspect misuse.
Queries, tool parameters, and results may be processed by QVeris and potentially downstream services selected through QVeris.
Execution parameters are sent to the QVeris API, which acts as a dynamic external tool gateway. This is disclosed and purpose-aligned, but it means user-supplied parameters leave the local environment.
const BASE_URL = "https://qveris.ai/api/v1"; ... body: JSON.stringify({ search_id: searchId, parameters, max_response_size: maxResponseSize })Avoid sending secrets, private personal data, or regulated information unless you have reviewed QVeris’s data handling and the specific tool being called.