← Back to Skills Marketplace
arunnadarasa

Quantinuumclaw

by Arun Nadarasa · GitHub ↗ · v0.1.0
cross-platform ⚠ suspicious
381
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install quantinuumclaw
Description
Enables building and deploying quantum computing applications with Quantinuum, Guppy, Selene, and Fly.io. Use for the OpenClaw Clinical Hackathon, clinical o...
Usage Guidance
This bundle appears to do what it says — scaffold a FastAPI backend (Selene), example Guppy circuits, a React frontend, and helpers to deploy to Fly.io. Before you use it: 1) Verify provenance — the README points to a GitHub repo (arunnadarasa/quantinuumclaw); check that upstream source and commits. 2) Inspect scripts that run automatic actions (scripts/flyio_deploy.py, scripts/create_quantum_app.py, scripts/setup_selene_service.py) for any network calls or shell execution you don’t expect. 3) Don’t put PHI in inputs; follow the SKILL.md admonition to use synthetic/de‑identified data. 4) Secrets: when targeting real hardware set QUANTUM_API_KEY via Fly.io secrets (do not commit keys or put them in frontend code). Also review the frontend proxy and CORS settings (templates allow_origins=["*"]) and restrict them for production. 5) When told to install tools (flyctl via curl|sh or pip/npm), prefer installing from trusted package sources or review the install script first. If you want higher assurance, run the templates locally in an isolated dev environment, review Dockerfile and deploy scripts, and scan the repository with your standard supply-chain/security tooling.
Capability Analysis
Type: OpenClaw Skill Name: quantinuumclaw Version: 0.1.0 The skill bundle is suspicious due to several vulnerabilities in the generated code and default configurations, rather than intentional malice. The `assets/selene-template/main.py` file defaults to a wide-open CORS policy (`allow_origins=["*"]`), which is a significant security flaw, despite a `TODO` comment. Additionally, the `scripts/lovable_integrate.py` script generates frontend files by directly embedding user-provided arguments (like `app-name`, `quantum-use-case`, `backend-url`) into HTML and JavaScript templates without sanitization, creating a reflected XSS vulnerability in the generated frontend if the AI agent is prompted with malicious input. The skill's documentation, however, provides good security advice, such as using Fly.io secrets for API keys and synthetic data for clinical demos.
Capability Assessment
Purpose & Capability
The repository contents (scripts to scaffold backends/frontends, a Selene FastAPI template, Fly.io deploy helpers, and a Lovable React frontend) match the skill's declared purpose of building and deploying Quantinuum/Guppy/Selene apps. No unrelated binaries or credentials are requested in the metadata.
Instruction Scope
SKILL.md instructs the agent and user to run local Python scripts, edit generated code, set Fly.io secrets for hardware access, and deploy to Fly.io. The instructions stay within the expected scope (scaffolding, running quantum circuits, deployment). They explicitly warn about PHI and recommend storing API keys in Fly.io secrets. No instructions ask the agent to read arbitrary host files or exfiltrate unrelated data.
Install Mechanism
The skill is instruction-only (no registry install spec), so nothing is automatically downloaded by the platform. The docs recommend installing external tools (flyctl via curl install script) and Python/Node dependencies when you run the templates locally; those are normal but carry the usual risk of running install scripts obtained at the time of user execution. Review any remote install commands (e.g., curl | sh) and the scripts that invoke CLI tools before running them.
Credentials
Registry metadata lists no required environment variables, which is reasonable for a template skill. However the templates and docs reference optional secrets/env vars (QUANTUM_API_KEY, VITE_API_KEY, API_KEY, PORT, QUANTUM_HARDWARE) that are needed when targeting real hardware or enabling auth. This is not malicious but is a small inconsistency between metadata and file contents—users must still supply these secrets when using hardware or production deployments.
Persistence & Privilege
The skill does not request always:true and does not appear to modify other skills or system-wide settings. It is user-invocable and can be run by the agent, which is the platform default and expected for a scaffolding/deployment skill.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install quantinuumclaw
  3. After installation, invoke the skill by name or use /quantinuumclaw
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release of the quantinuumclaw skill for building and deploying quantum-powered clinical and web applications. - Provides an end-to-end stack: Quantinuum (hardware/emulator), Guppy (quantum language), Selene (FastAPI backend), Fly.io (cloud deployment), and Lovable (frontend template). - Includes scripts for rapid app creation, backend setup, cloud deployment, and frontend integration. - Features templates and references specifically for clinical/healthcare quantum use-cases (drug discovery, treatment optimization, patient stratification, molecular simulation, clinical trials, etc.). - Offers compliance and data handling guidance for healthcare projects. - Documentation includes workflow, troubleshooting, use-case mapping, performance/cost/security tips, and advanced patterns.
Metadata
Slug quantinuumclaw
Version 0.1.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Quantinuumclaw?

Enables building and deploying quantum computing applications with Quantinuum, Guppy, Selene, and Fly.io. Use for the OpenClaw Clinical Hackathon, clinical o... It is an AI Agent Skill for Claude Code / OpenClaw, with 381 downloads so far.

How do I install Quantinuumclaw?

Run "/install quantinuumclaw" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Quantinuumclaw free?

Yes, Quantinuumclaw is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Quantinuumclaw support?

Quantinuumclaw is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Quantinuumclaw?

It is built and maintained by Arun Nadarasa (@arunnadarasa); the current version is v0.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments