← 返回 Skills 市场
Quantinuumclaw
作者
Arun Nadarasa
· GitHub ↗
· v0.1.0
381
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install quantinuumclaw
功能描述
Enables building and deploying quantum computing applications with Quantinuum, Guppy, Selene, and Fly.io. Use for the OpenClaw Clinical Hackathon, clinical o...
安全使用建议
This bundle appears to do what it says — scaffold a FastAPI backend (Selene), example Guppy circuits, a React frontend, and helpers to deploy to Fly.io. Before you use it: 1) Verify provenance — the README points to a GitHub repo (arunnadarasa/quantinuumclaw); check that upstream source and commits. 2) Inspect scripts that run automatic actions (scripts/flyio_deploy.py, scripts/create_quantum_app.py, scripts/setup_selene_service.py) for any network calls or shell execution you don’t expect. 3) Don’t put PHI in inputs; follow the SKILL.md admonition to use synthetic/de‑identified data. 4) Secrets: when targeting real hardware set QUANTUM_API_KEY via Fly.io secrets (do not commit keys or put them in frontend code). Also review the frontend proxy and CORS settings (templates allow_origins=["*"]) and restrict them for production. 5) When told to install tools (flyctl via curl|sh or pip/npm), prefer installing from trusted package sources or review the install script first. If you want higher assurance, run the templates locally in an isolated dev environment, review Dockerfile and deploy scripts, and scan the repository with your standard supply-chain/security tooling.
功能分析
Type: OpenClaw Skill
Name: quantinuumclaw
Version: 0.1.0
The skill bundle is suspicious due to several vulnerabilities in the generated code and default configurations, rather than intentional malice. The `assets/selene-template/main.py` file defaults to a wide-open CORS policy (`allow_origins=["*"]`), which is a significant security flaw, despite a `TODO` comment. Additionally, the `scripts/lovable_integrate.py` script generates frontend files by directly embedding user-provided arguments (like `app-name`, `quantum-use-case`, `backend-url`) into HTML and JavaScript templates without sanitization, creating a reflected XSS vulnerability in the generated frontend if the AI agent is prompted with malicious input. The skill's documentation, however, provides good security advice, such as using Fly.io secrets for API keys and synthetic data for clinical demos.
能力评估
Purpose & Capability
The repository contents (scripts to scaffold backends/frontends, a Selene FastAPI template, Fly.io deploy helpers, and a Lovable React frontend) match the skill's declared purpose of building and deploying Quantinuum/Guppy/Selene apps. No unrelated binaries or credentials are requested in the metadata.
Instruction Scope
SKILL.md instructs the agent and user to run local Python scripts, edit generated code, set Fly.io secrets for hardware access, and deploy to Fly.io. The instructions stay within the expected scope (scaffolding, running quantum circuits, deployment). They explicitly warn about PHI and recommend storing API keys in Fly.io secrets. No instructions ask the agent to read arbitrary host files or exfiltrate unrelated data.
Install Mechanism
The skill is instruction-only (no registry install spec), so nothing is automatically downloaded by the platform. The docs recommend installing external tools (flyctl via curl install script) and Python/Node dependencies when you run the templates locally; those are normal but carry the usual risk of running install scripts obtained at the time of user execution. Review any remote install commands (e.g., curl | sh) and the scripts that invoke CLI tools before running them.
Credentials
Registry metadata lists no required environment variables, which is reasonable for a template skill. However the templates and docs reference optional secrets/env vars (QUANTUM_API_KEY, VITE_API_KEY, API_KEY, PORT, QUANTUM_HARDWARE) that are needed when targeting real hardware or enabling auth. This is not malicious but is a small inconsistency between metadata and file contents—users must still supply these secrets when using hardware or production deployments.
Persistence & Privilege
The skill does not request always:true and does not appear to modify other skills or system-wide settings. It is user-invocable and can be run by the agent, which is the platform default and expected for a scaffolding/deployment skill.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install quantinuumclaw - 安装完成后,直接呼叫该 Skill 的名称或使用
/quantinuumclaw触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release of the quantinuumclaw skill for building and deploying quantum-powered clinical and web applications.
- Provides an end-to-end stack: Quantinuum (hardware/emulator), Guppy (quantum language), Selene (FastAPI backend), Fly.io (cloud deployment), and Lovable (frontend template).
- Includes scripts for rapid app creation, backend setup, cloud deployment, and frontend integration.
- Features templates and references specifically for clinical/healthcare quantum use-cases (drug discovery, treatment optimization, patient stratification, molecular simulation, clinical trials, etc.).
- Offers compliance and data handling guidance for healthcare projects.
- Documentation includes workflow, troubleshooting, use-case mapping, performance/cost/security tips, and advanced patterns.
元数据
常见问题
Quantinuumclaw 是什么?
Enables building and deploying quantum computing applications with Quantinuum, Guppy, Selene, and Fly.io. Use for the OpenClaw Clinical Hackathon, clinical o... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 381 次。
如何安装 Quantinuumclaw?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install quantinuumclaw」即可一键安装,无需额外配置。
Quantinuumclaw 是免费的吗?
是的,Quantinuumclaw 完全免费(开源免费),可自由下载、安装和使用。
Quantinuumclaw 支持哪些平台?
Quantinuumclaw 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Quantinuumclaw?
由 Arun Nadarasa(@arunnadarasa)开发并维护,当前版本 v0.1.0。
推荐 Skills