Qlik Cloud
v0.1.0
Complete Qlik Cloud analytics platform integration with 37 tools. Health checks, search, app management, reloads, natural language queries (Insight Advisor), automations, AutoML, Qlik Answers AI, data alerts, spaces, users, licenses, data files, and lineage. Use when user asks about Qlik, Qlik Cloud, Qlik Sense apps, analytics dashboards, data reloads, or wants to query business data using natural language.
by @undsoul
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (high confidence)
Purpose & Capability
The skill's name/description promise a complete 37-tool Qlik Cloud integration, but the package contains no scripts, binaries, or code implementing those tools. The SKILL.md references many scripts (scripts/*.sh) and instructs adding a Tenant URL and API key, yet the skill metadata declares no required environment variables, no primary credential, and there is no source/homepage. This mismatch suggests the skill either expects external artifacts to already exist on the agent or is incomplete/mispackaged.
Instruction Scope
Runtime instructions tell the agent to add sensitive credentials to TOOLS.md and to run numerous bash scripts that output JSON. Those files are not present in the skill bundle. Instructing the user/agent to place API keys in a TOOLS.md file (likely plaintext) is a risky operational practice. The instructions do not reference unrelated system files, but they do assume write access to a shared config file and execution of absent scripts — granting broad discretion to the agent in order to locate/run external artifacts.
Install Mechanism
There is no install spec (instruction-only), which minimizes direct install risk because nothing is written or executed by the skill itself. However, the instructions depend on an external scripts/ directory and on the environment having bash scripts available; those artifacts are not bundled or linked, so the skill as delivered cannot perform the promised operations without external components.
Credentials
The SKILL.md explicitly requires a QLIK_TENANT URL and QLIK_API_KEY (and asks the user to add these to TOOLS.md), which are appropriate for a Qlik Cloud integration. However, the skill metadata lists no required env vars or primary credential, creating an inconsistency. Additionally, the guidance to store API keys in a TOOLS.md file (plaintext) is poor practice and increases risk of credential exposure.
Persistence & Privilege
The skill does not request always:true and does not claim persistent installation. It does not request system-wide configuration changes in the manifest. There is no evidence it would modify other skills or agent-wide settings.
What to consider before installing
Do not install or enable this skill until its origin and contents are clarified. Specific actions to take before trusting it:
- Ask the publisher for the repository or homepage so you can inspect the actual scripts the SKILL.md references. The current bundle contains only documentation and no scripts.
- Require the skill metadata to declare its required env vars (QLIK_TENANT, QLIK_API_KEY) and to explain where scripts live and how they are installed. Mismatched metadata is a red flag.
- Do not store API keys in a plaintext TOOLS.md file. Use a secret manager or the agent's secure credential storage, and confirm where credentials will be stored and who can read them.
- If you obtain the scripts, review them for network calls, data exfiltration, or arbitrary command execution before running. Test in an isolated environment with a least-privilege Qlik API key.
- If you cannot get a verifiable source (Git repo, vendor homepage, or signed release), treat this skill as untrusted and avoid providing production Qlik credentials.

Like a lobster shell, security has layers — review code before you run it.
