ClawHub

QVeris Official

v1.0.9

QVeris is a capability discovery and tool calling engine. Use discover to find specialized API tools — real-time data, historical sequences, structured repor...

2· 4.7k·87 current·90 all-time
byLinfang Wang@linfangw
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description claim a capability-discovery / tool-calling engine; the only required environment variable is QVERIS_API_KEY and all network endpoints point to qveris.ai. The requested credential aligns with the service the skill integrates with and nothing else (no unrelated cloud creds or tokens).
Instruction Scope
SKILL.md instructs the agent to discover and call API tools, preferring native/http_request/script tiers and falling back to web_search; the runtime instructions and bundled scripts operate only against the declared API and only read the declared environment variable. Instructions do not direct the agent to read arbitrary local files, other env vars, or send data to unexpected endpoints.
Install Mechanism
There is no install spec (instruction-only), reducing install risk. Three Node scripts are bundled for an optional script-execution tier; they are plain JS files referencing only the declared API endpoint and env var, and no external download/extraction is performed.
Credentials
Only QVERIS_API_KEY is required and used by the scripts and instructions. No other credentials, secrets, or config paths are requested. The primaryEnv matches the declared usage in code (process.env.QVERIS_API_KEY).
Persistence & Privilege
always is false and the skill does not request forced permanent presence or modify other skills or system-wide settings. It can be invoked autonomously (platform default) but that is normal and not in itself a concern given the limited scope.
Assessment
This skill appears to be what it says: a discovery-and-call façade for qveris.ai that needs only QVERIS_API_KEY. Before installing, verify you obtain the API key from the official qveris.ai site and consider giving the key minimal scope (read-only / per-agent) and usage limits if possible. If you want to avoid executing bundled scripts locally, ensure the environment lacks an available 'exec' capability or Node runtime (Tier 3 is optional); otherwise the skill will prefer http_request/native tiers. Be aware that using the skill sends queries/parameters to qveris.ai, so avoid sending sensitive secrets or personal data in discovery/call parameters. Finally, monitor usage and network traffic for unexpected activity and check any provider billing implications.

Like a lobster shell, security has layers — review code before you run it.

latestvk974wkhp8dacc2dee16rj0kthx83h9r1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvQVERIS_API_KEY
Primary envQVERIS_API_KEY

Comments