← 返回 Skills 市场
Hackathon Quantinuum
作者
Arun Nadarasa
· GitHub ↗
· v0.1.1
407
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install quantum
功能描述
Enables building and deploying quantum computing applications with Quantinuum, Guppy, Selene, and Fly.io. Use for the OpenClaw Clinical Hackathon, clinical o...
安全使用建议
This bundle appears to be what it claims: templates and scripts for building quantum-backed web apps and deploying them to Fly.io. Before running anything, review the included scripts (scripts/*.py) to see what commands they execute (they likely call flyctl, docker/npm, and may run subprocesses). Do not paste production API keys into frontend code — use Fly.io secrets and keep QUANTUM_API_KEY server-side. Tighten CORS (do not leave allow_origins = ["*"]) and add authentication/rate-limiting before exposing services. Avoid blindly running curl | sh from docs; install flyctl from an official source you trust. If you plan to handle clinical data, follow the skill's own advice: use synthetic/de‑identified data and ensure HIPAA/DPA compliance and data residency controls. If you want extra assurance, request the contents of scripts/create_quantum_app.py and scripts/flyio_deploy.py so you can inspect any subprocess calls or network operations they perform.
功能分析
Type: OpenClaw Skill
Name: quantum
Version: 0.1.1
The skill bundle is classified as suspicious due to multiple code injection and argument injection vulnerabilities in its Python scaffolding scripts. Specifically, `scripts/setup_selene_service.py` and `scripts/lovable_integrate.py` generate code and configuration files by directly embedding user-provided arguments (e.g., `app_name`, `backend_url`, `use_case`) into f-strings, which could lead to Remote Code Execution (RCE) or Cross-Site Scripting (XSS) if an attacker controls these inputs. Additionally, `scripts/flyio_deploy.py` passes user-controlled arguments directly to `flyctl` commands, posing a risk of argument injection. The `assets/selene-template/main.py` also defaults to an insecure `allow_origins=["*"]` CORS configuration. While these are significant vulnerabilities, there is no clear evidence of intentional malicious behavior such as data exfiltration to unknown third parties or backdoor installation.
能力评估
Purpose & Capability
The name/description (Quantinuum + Guppy + Selene + Fly.io + Lovable frontend) match the included templates and scripts: FastAPI backend template, React frontend, and deploy scripts are present. There are no unrelated credentials or binaries required by the manifest. The files and docs align with the stated purpose of building and deploying quantum web apps and hackathon demos.
Instruction Scope
Runtime instructions direct the agent/user to run the provided Python scripts to scaffold services and to deploy using Fly.io. The docs explicitly instruct managing API keys via Fly.io secrets and warn about PHI — appropriate for clinical demos. Two operational notes: (1) the Selene template enables permissive CORS (allow_origins = ["*"]) by default (the docs note to restrict it in production), and (2) the documentation includes a curl | sh snippet to install flyctl; piping install scripts is common but potentially risky if used blindly. Overall instructions stay within the skill's purpose but require the user to apply standard operational security before production use.
Install Mechanism
There is no automated install spec for the skill bundle (instruction-only), and code/templates are provided inline. That minimizes hidden-install risk. The docs reference installing flyctl (including a curl | sh example) and standard package installation (pip, npm) for the generated apps; these are expected for the described workflow but should be executed with standard caution.
Credentials
The skill manifest declares no required environment variables, which is reasonable for a template bundle. However the instructions and templates reference typical secrets like QUANTUM_API_KEY (Quantinuum), VITE_API_KEY (frontend), and recommend using Fly.io secrets. This is coherent but important: real deployments will require secret env vars and the frontend template can pick up VITE_API_KEY if set — users must not place sensitive keys in frontend builds or commit them to source. The number and type of env vars referenced are proportional to deploying to hardware and hosting on Fly.io.
Persistence & Privilege
The skill does not request always-on inclusion, does not modify other skills, and contains only templates/scripts that run in the user's environment. There is no installer creating persistent system-level components in the manifest. Generated apps may be configured to run continuously on Fly.io depending on fly.toml, but that's user-controlled.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install quantum - 安装完成后,直接呼叫该 Skill 的名称或使用
/quantum触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.1
quantinuumclaw 0.1.1
- Adds detailed documentation (SKILL.md) describing stack components: Quantinuum, Guppy, Selene, Fly.io, and optional frontend.
- Provides clinical and general use-case guides, stack workflow, and quick-start commands.
- Outlines best practices for clinical data, security, deployment, and troubleshooting.
- Includes resource references for setup scripts, API patterns, and use-case mappings.
- Clarifies compliance notes for healthcare deployments.
元数据
常见问题
Hackathon Quantinuum 是什么?
Enables building and deploying quantum computing applications with Quantinuum, Guppy, Selene, and Fly.io. Use for the OpenClaw Clinical Hackathon, clinical o... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 407 次。
如何安装 Hackathon Quantinuum?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install quantum」即可一键安装,无需额外配置。
Hackathon Quantinuum 是免费的吗?
是的,Hackathon Quantinuum 完全免费(开源免费),可自由下载、安装和使用。
Hackathon Quantinuum 支持哪些平台?
Hackathon Quantinuum 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Hackathon Quantinuum?
由 Arun Nadarasa(@arunnadarasa)开发并维护,当前版本 v0.1.1。
推荐 Skills