ClawHub

QVeris Skill Test

v1.0.2

QVeris is a capability discovery and tool calling engine. Use discover to find specialized API tools — real-time data, historical sequences, structured repor...

0· 83·0 current·0 all-time
byLinfang Wang@linfangw
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the behavior: the skill discovers and calls API tools via qveris.ai. Declared and used resources (QVERIS_API_KEY, qveris.ai endpoint) are appropriate for this purpose.
Instruction Scope
SKILL.md directs the agent to discover and call tools and to prefer native/http_request tiers; it does not request unrelated files, system config, or extra environment variables. The included scripts only use QVERIS_API_KEY and the qveris.ai API.
Install Mechanism
No install spec; this is instruction- and script-included (tier 3) only. Scripts are provided in the repo and no external archives or download URLs are used, so install risk is low.
Credentials
Only QVERIS_API_KEY is required and is the primary credential. The code reads process.env.QVERIS_API_KEY only; no other secrets or unrelated env vars are requested.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges or modify other skills. auto_invoke (agent invocation allowed) is the normal default and not a special concern here.
Assessment
This skill appears to do exactly what it says: use QVERIS_API_KEY to call the QVeris API at qveris.ai and optionally run the included Node.js scripts if node/exec are available. Before installing: only provide an API key if you trust qveris.ai and you want the agent to make outbound requests to that host; consider using a scoped API key with limited permissions and monitor network/activity. If you do not want the skill to execute local Node scripts, ensure your environment disallows exec/node or avoid invoking the script-execution tier. Review the included scripts (they only use the API key and the qveris.ai endpoint) if you want to verify behavior yourself.

Like a lobster shell, security has layers — review code before you run it.

latestvk970367gadxa103nq6ktcmxmy983gpk0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvQVERIS_API_KEY
Primary envQVERIS_API_KEY

Comments