qveris

Fail

Audited by Socket on Mar 18, 2026

2 alerts found: Malware, Anomaly

Malware (HIGH)
SKILL.md

SUSPICIOUS: the skill's stated purpose matches dynamic tool search/execution, and qveris.ai appears to be the official same-org endpoint, so this is not outright malicious. However, the scope is broad for an auto-invoked skill, all requests and params are routed through a third-party aggregator, and the unseen wrapper script leaves enforcement details unclear. Risk is mainly from delegated execution and credentialed brokered access, not confirmed malware.

Confidence: 83%, Severity: 68%

Anomaly (LOW)
README.zh-CN.md

The fragment documents a remote-install/install-and-run workflow for a Claude Code skill interfacing with QVeris, which introduces notable supply-chain and secret-management risks despite no embedded malicious code in the fragment itself. Primary risk drivers are remote installers, lack of integrity verification, and environment-based secret exposure. Actionable mitigations include signature/hash verification for installers, using pinned, signed packages, secret management (instead of plain env exports), and auditing downstream scripts (uv, qveris_tool.py) for secure handling and least-privilege.

Confidence: 80%, Severity: 60%
Audit Metadata
Analyzed At
Mar 18, 2026, 04:49 PM
Package URL
pkg:socket/skills-sh/hqman%2Fqveris%2Fqveris%2F@1a09b3d97d5766fb30336b8ba501e7c877c70545