qlik
Rating: Warn. Audited by ClawScan on May 10, 2026.
Overview
This looks like a real Qlik Cloud integration, but it gives an agent broad Qlik account powers and some scripts handle user input in a way that could run unintended code.
Install only after reviewing the scripts and using a least-privilege Qlik API key. Require explicit approval before deleting apps, running automations, canceling reloads, or triggering alerts, and avoid putting sensitive secrets in files that may be committed or broadly shared.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked with the wrong app ID, the agent could remove a Qlik app from the user's tenant.
The script performs a direct DELETE against a Qlik app once an app ID is provided; the provided file shows no confirmation or dry-run gate before the destructive request.
HTTP_CODE=$(curl -sL -w "%{http_code}" -o /tmp/qlik_delete_response.txt -X DELETE ... "${TENANT}/api/v1/apps/${APP_ID}")
Require explicit user confirmation for app deletion, automation runs, reload cancellation, and similar high-impact actions; add dry-run/recovery guidance where possible.
A maliciously crafted prompt or argument could make the script run unintended local code with the agent user's permissions.
A user-supplied question is interpolated directly into Python source passed to python3 -c; a crafted value containing triple quotes could break out of the string and execute Python code locally.
QUESTION="${2:-}" ... echo "$RESPONSE" | python3 -c " ... question = '''$QUESTION'''
Do not interpolate shell variables into Python code strings. Pass values through argv, environment variables, stdin, or JSON parsing with proper escaping.
A broad Qlik API key may allow the agent to read business data, inspect users/licenses, and perform tenant mutations through this skill.
The skill requires delegated Qlik credentials for all tools, while the registry metadata declares no required environment variables or primary credential and provides no scope guidance.
Add credentials to TOOLS.md: ... Tenant URL: https://your-tenant.region.qlikcloud.com ... API Key: your-api-key-here ... All scripts: QLIK_TENANT="https://..." QLIK_API_KEY="..."
Use a least-privilege Qlik service account/API key, avoid committing TOOLS.md with secrets, rotate the key regularly, and have the skill metadata declare its credential requirements.
Sensitive business questions or context may be stored in Qlik Answers conversation threads.
The Qlik Answers tool creates a remote assistant thread and sends the user's prompt to it; this is purpose-aligned but may persist business questions in the Qlik tenant.
If no thread ID, create one first ... "${TENANT}/api/v1/assistants/${ASSISTANT_ID}/threads" ... "/threads/${THREAD_ID}/actions/invoke"
Document retention behavior, avoid sending unnecessary sensitive details, and let users choose or manage thread IDs for ongoing conversations.
Users have less information to verify who maintains the scripts or where updates come from.
The artifacts do not show a hidden installer, but provenance is not documented for a skill that includes many executable shell scripts.
Source: unknown; Homepage: none
Review the included scripts before installing and prefer a published source repository or signed release metadata.
