Qlik Cloud

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Qlik Cloud integration, but users should treat its API key and mutating admin scripts carefully.

Install only if you intend to let the agent access your Qlik Cloud tenant. Use a least-privilege API key, keep it out of committed files and shared chats, verify QLIK_TENANT points to your real HTTPS Qlik Cloud tenant, and require human confirmation before delete, reload cancel, automation run, or alert trigger actions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (6)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The README explicitly instructs users to place a live Qlik API key into `TOOLS.md` and also shows environment-variable usage, but it does not warn that the key is a sensitive secret that must not be committed, shared, or logged. In an agent-skill ecosystem, configuration files are often checked into repositories, copied into support chats, or exposed to other tools, so this guidance materially increases the risk of credential leakage and unauthorized access to the tenant.

Vague Triggers

Medium

Confidence: 81% confidence
Finding: The description contains broad activation cues such as requests about Qlik, dashboards, analytics, reloads, or natural-language business data queries. This can cause the skill to trigger for general analytics requests and expose enterprise data operations or credentials in situations where a more limited or safer tool should have been selected.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill documents destructive and state-changing operations like creating apps, deleting apps, triggering reloads, canceling reloads, running automations, and triggering alerts without requiring confirmation or warning about operational impact. In an agent context, this raises the risk of accidental production changes, outages, workflow execution, or data refresh disruptions from natural-language requests.

Missing User Warnings

Low

Confidence: 88% confidence
Finding: The documentation tells users to place a Qlik API key in TOOLS.md or environment variables but provides no guidance on secret storage, rotation, scoping, masking, or avoiding accidental disclosure. API keys for analytics platforms may grant broad access to business data and administrative functions, so weak handling increases the chance of credential leakage and downstream compromise.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The script performs an irreversible DELETE request immediately once invoked, with no confirmation prompt, dry-run mode, or safeguard against accidental execution. In an agent/tooling context, this increases the chance that a mistaken prompt, misrouted automation, or unsafe orchestration will permanently delete a Qlik app without an opportunity for the user to stop it.

External Script Fetching

High

Category: Supply Chain
Content: TENANT="${QLIK_TENANT%/}" [[ "$TENANT" != http* ]] && TENANT="https://$TENANT" curl -sL \ -H "Authorization: Bearer ${QLIK_API_KEY}" \ -H "Content-Type: application/json" \ "${TENANT}/api/v1/automations?limit=${LIMIT}" | python3 -c "
Confidence: 91% confidence
Finding: curl -sL \ -H "Authorization: Bearer ${QLIK_API_KEY}" \ -H "Content-Type: application/json" \ "${TENANT}/api/v1/automations?limit=${LIMIT}" | python

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal