← Back to Skills Marketplace
arunnadarasa

Hackathon Quantinuum

by Arun Nadarasa · GitHub ↗ · v0.1.1
cross-platform ⚠ suspicious
407
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install quantum
Description
Enables building and deploying quantum computing applications with Quantinuum, Guppy, Selene, and Fly.io. Use for the OpenClaw Clinical Hackathon, clinical o...
Usage Guidance
This bundle appears to be what it claims: templates and scripts for building quantum-backed web apps and deploying them to Fly.io. Before running anything, review the included scripts (scripts/*.py) to see what commands they execute (they likely call flyctl, docker/npm, and may run subprocesses). Do not paste production API keys into frontend code — use Fly.io secrets and keep QUANTUM_API_KEY server-side. Tighten CORS (do not leave allow_origins = ["*"]) and add authentication/rate-limiting before exposing services. Avoid blindly running curl | sh from docs; install flyctl from an official source you trust. If you plan to handle clinical data, follow the skill's own advice: use synthetic/de‑identified data and ensure HIPAA/DPA compliance and data residency controls. If you want extra assurance, request the contents of scripts/create_quantum_app.py and scripts/flyio_deploy.py so you can inspect any subprocess calls or network operations they perform.
Capability Analysis
Type: OpenClaw Skill Name: quantum Version: 0.1.1 The skill bundle is classified as suspicious due to multiple code injection and argument injection vulnerabilities in its Python scaffolding scripts. Specifically, `scripts/setup_selene_service.py` and `scripts/lovable_integrate.py` generate code and configuration files by directly embedding user-provided arguments (e.g., `app_name`, `backend_url`, `use_case`) into f-strings, which could lead to Remote Code Execution (RCE) or Cross-Site Scripting (XSS) if an attacker controls these inputs. Additionally, `scripts/flyio_deploy.py` passes user-controlled arguments directly to `flyctl` commands, posing a risk of argument injection. The `assets/selene-template/main.py` also defaults to an insecure `allow_origins=["*"]` CORS configuration. While these are significant vulnerabilities, there is no clear evidence of intentional malicious behavior such as data exfiltration to unknown third parties or backdoor installation.
Capability Assessment
Purpose & Capability
The name/description (Quantinuum + Guppy + Selene + Fly.io + Lovable frontend) match the included templates and scripts: FastAPI backend template, React frontend, and deploy scripts are present. There are no unrelated credentials or binaries required by the manifest. The files and docs align with the stated purpose of building and deploying quantum web apps and hackathon demos.
Instruction Scope
Runtime instructions direct the agent/user to run the provided Python scripts to scaffold services and to deploy using Fly.io. The docs explicitly instruct managing API keys via Fly.io secrets and warn about PHI — appropriate for clinical demos. Two operational notes: (1) the Selene template enables permissive CORS (allow_origins = ["*"]) by default (the docs note to restrict it in production), and (2) the documentation includes a curl | sh snippet to install flyctl; piping install scripts is common but potentially risky if used blindly. Overall instructions stay within the skill's purpose but require the user to apply standard operational security before production use.
Install Mechanism
There is no automated install spec for the skill bundle (instruction-only), and code/templates are provided inline. That minimizes hidden-install risk. The docs reference installing flyctl (including a curl | sh example) and standard package installation (pip, npm) for the generated apps; these are expected for the described workflow but should be executed with standard caution.
Credentials
The skill manifest declares no required environment variables, which is reasonable for a template bundle. However the instructions and templates reference typical secrets like QUANTUM_API_KEY (Quantinuum), VITE_API_KEY (frontend), and recommend using Fly.io secrets. This is coherent but important: real deployments will require secret env vars and the frontend template can pick up VITE_API_KEY if set — users must not place sensitive keys in frontend builds or commit them to source. The number and type of env vars referenced are proportional to deploying to hardware and hosting on Fly.io.
Persistence & Privilege
The skill does not request always-on inclusion, does not modify other skills, and contains only templates/scripts that run in the user's environment. There is no installer creating persistent system-level components in the manifest. Generated apps may be configured to run continuously on Fly.io depending on fly.toml, but that's user-controlled.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install quantum
  3. After installation, invoke the skill by name or use /quantum
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.1
quantinuumclaw 0.1.1 - Adds detailed documentation (SKILL.md) describing stack components: Quantinuum, Guppy, Selene, Fly.io, and optional frontend. - Provides clinical and general use-case guides, stack workflow, and quick-start commands. - Outlines best practices for clinical data, security, deployment, and troubleshooting. - Includes resource references for setup scripts, API patterns, and use-case mappings. - Clarifies compliance notes for healthcare deployments.
Metadata
Slug quantum
Version 0.1.1
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Hackathon Quantinuum?

Enables building and deploying quantum computing applications with Quantinuum, Guppy, Selene, and Fly.io. Use for the OpenClaw Clinical Hackathon, clinical o... It is an AI Agent Skill for Claude Code / OpenClaw, with 407 downloads so far.

How do I install Hackathon Quantinuum?

Run "/install quantum" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Hackathon Quantinuum free?

Yes, Hackathon Quantinuum is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Hackathon Quantinuum support?

Hackathon Quantinuum is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Hackathon Quantinuum?

It is built and maintained by Arun Nadarasa (@arunnadarasa); the current version is v0.1.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments