Qlik Cloud
Warn
Audited by ClawScan on May 10, 2026.
Overview
This appears to be a real Qlik Cloud integration, but it deserves review because it uses a powerful Qlik API key and at least one script can turn specially crafted user input into local Python code execution.
Install only if you trust the publisher and need agent access to Qlik Cloud. Use a least-privilege API key, keep credentials private, require confirmation before destructive or workflow-triggering actions, and do not pass untrusted questions or IDs to the scripts until the Python interpolation issue is fixed.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A maliciously crafted question, or any other untrusted argument that reaches the same code path, can run arbitrary commands with the local privileges of the user running the agent.
The user-supplied question is interpolated by the shell into the Python source string handed to `python3 -c`. The shell expands `$QUESTION` before Python parses the program, so a question containing `'''` closes the string literal and everything after it is parsed as Python statements.
```bash
QUESTION="${2:-}"
...
echo "$RESPONSE" | python3 -c "
...
question = '''$QUESTION'''
```
Do not interpolate shell variables into Python source. Keep the Python program a fixed string and pass values out of band: export them as environment variables and read `os.environ`, pass them as arguments after the `-c` program and read `sys.argv`, or send them together with the response as a JSON document on stdin. Validate IDs against an allowlist before use.
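As an added illustration, not code from the audited skill or from ClawScan, the following Python reproduces the interpolation pattern and its fix side by side. `UNSAFE_TEMPLATE`, `SAFE_SOURCE` and the crafted `PAYLOAD` are constructed for this example; `ID_PATTERN` is an assumed conservative allowlist, not Qlik's documented ID format; and `sys.executable` stands in for the `python3` the script invokes.

```python
import os
import re
import subprocess
import sys

# Constructed reproduction of the vulnerable pattern (not the skill's actual
# code): the question is spliced into the Python source exactly as the shell
# would expand $QUESTION, then handed to an interpreter via "-c".
UNSAFE_TEMPLATE = "question = '''{question}'''\nprint('ASK:' + question)\n"

# Hardened form: the Python program is a fixed string and the value arrives
# through an environment variable, so no part of it is ever parsed as code.
SAFE_SOURCE = "import os\nprint('ASK:' + os.environ['QLIK_QUESTION'])\n"

# Constructed crafted question: closes the triple-quoted literal, appends a
# statement (print stands in for any command), then reopens a literal so the
# remaining template still parses.
PAYLOAD = "'''\nprint('INJECTED')\nx = '''"

# Assumed allowlist for resource IDs handed to the API scripts; tighten it to
# whatever format the tenant actually issues.
ID_PATTERN = re.compile(r"[A-Za-z0-9_-]{1,64}")


def build_unsafe_source(question):
    """Mirror the shell interpolation: the raw question lands inside the source."""
    return UNSAFE_TEMPLATE.format(question=question)


def run_unsafe(question):
    """Run the interpolated program the way `python3 -c "$SRC"` would."""
    proc = subprocess.run(
        [sys.executable, "-c", build_unsafe_source(question)],
        capture_output=True, text=True,
    )
    return proc.stdout


def run_safe(question):
    """Run the fixed program; the question travels out of band in the environment."""
    env = {**os.environ, "QLIK_QUESTION": question}
    proc = subprocess.run(
        [sys.executable, "-c", SAFE_SOURCE],
        capture_output=True, text=True, env=env,
    )
    return proc.stdout


def injected(stdout):
    """True if a statement that came from the question was executed.

    The safe path echoes the payload text verbatim after the 'ASK:' prefix,
    so only an output line consisting solely of INJECTED counts.
    """
    return "INJECTED" in stdout.splitlines()


def validate_id(value):
    """Reject resource IDs outside the allowlist before they reach a URL or shell."""
    if not ID_PATTERN.fullmatch(value):
        raise ValueError("refusing resource id with unexpected characters: %r" % value)
    return value


if __name__ == "__main__":
    print("unsafe:", repr(run_unsafe(PAYLOAD)))   # statement from the question runs
    print("safe:  ", repr(run_safe(PAYLOAD)))     # question printed as plain text
```

The same break-out works with any `'''` in the question, including one typed by accident, so the fix is not an escaping rule but moving the value out of the program text entirely.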
The agent may be able to change or delete Qlik tenant resources when given a sufficiently privileged API key.
The skill exposes documented mutating operations, including deleting Qlik apps; this is purpose-aligned but high impact if the wrong ID is used or the agent acts without confirmation.
| `qlik-app-delete.sh` | Delete app | `<app-id>` |
Use explicit human confirmation for delete, run, cancel, trigger, and reload actions; verify resource IDs; prefer read-only or least-privilege credentials for analysis-only use.
If the API key is broad, the agent can access business data, users, licenses, apps, automations, alerts, and other tenant resources.
The skill requires a Qlik API key, which grants whatever tenant permissions that key has. This is expected for the integration, but it is sensitive account authority.
Add credentials to TOOLS.md: ... Tenant URL: https://your-tenant.region.qlikcloud.com ... API Key: your-api-key-here
Store the key securely, keep TOOLS.md private, use the narrowest Qlik permissions practical, and revoke the key when no longer needed.
Questions and related assistant responses may be stored or processed in the Qlik tenant's AI assistant service.
The script sends user questions to a Qlik Answers AI assistant and may create a remote conversation thread. This is purpose-aligned but affects where prompts and answers are stored.
```bash
# If no thread-id provided, creates a new thread automatically. ... /api/v1/assistants/${ASSISTANT_ID}/threads/${THREAD_ID}/actions/invoke
```
Avoid sending sensitive prompts unless Qlik tenant policy permits it, and manage thread retention according to organizational requirements.
Installation or execution may fail on systems without these tools, and users may not see the dependency requirements in registry metadata.
The README lists local runtime dependencies, while the registry requirements say no required binaries. This is an install-contract gap rather than evidence of malicious behavior.
Requirements:
- bash
- curl
- Python 3 (standard library only)
Declare bash, curl, Python 3, QLIK_TENANT, and QLIK_API_KEY in the skill metadata so users can review requirements before installation.
