← 返回 Skills 市场
QuantumOS
作者
murtiurti4
· GitHub ↗
· v0.2.0
744
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install quantumos
功能描述
Install and manage QuantumOS, an AI command center dashboard for OpenClaw. Use when the user wants to set up QuantumOS, start/stop the dashboard, troubleshoo...
安全使用建议
Read before running. Recommendations:
- Inspect the GitHub repository (https://github.com/murtiurti4/quantumos.git) yourself before running setup.sh; confirm code matches expectations and review package.json/package-lock for risky dependencies.
- Backup HEARTBEAT.md (and any workspace config) before making changes. Do not blindly append the automatic triage block — review and restrict the instructions (remove/limit the "start working on it" automatic behavior) or run triage manually until you trust the setup.
- The setup script will try to read your OpenClaw config (~/.openclaw/openclaw.json) to auto-detect gateway.token and will write that token into the project's .env.local; consider entering a scoped/temporary token, or edit .env.local manually instead of letting the script write it.
- Run npm install in a controlled environment (or inspect dependencies), and consider running the server in a container or VM first rather than on a host with sensitive data.
- Be cautious about allowing any agent automatic task execution that could perform actions on your systems; prefer manual confirmation or tight guardrails.
- If you are unsure, mark this skill as 'suspicious' and request the upstream repo source and code review from a trusted developer before installing.
功能分析
Type: OpenClaw Skill
Name: quantumos
Version: 0.2.0
The skill is classified as suspicious due to two main reasons: 1) The `scripts/setup.sh` file directly accesses and reads the user's `~/.openclaw/openclaw.json` file to extract the `gateway.token`. While this token is used for local configuration (written to `.env.local`), accessing sensitive credentials directly is a high-risk operation that could be exploited if the dashboard itself were compromised. 2) The `SKILL.md` file contains explicit instructions for the AI agent to perform actions like `GET http://localhost:3005/api/mission-control/tasks` and manage tasks, which constitutes prompt injection. Although the objective appears to be legitimate integration with the skill's functionality, this demonstrates a risky capability to directly control the agent's behavior.
能力评估
Purpose & Capability
The skill's code and instructions align with its stated purpose: setup.sh clones a Next.js dashboard repo, installs npm deps, creates data dirs, and wires in the OpenClaw gateway token. That behavior is expected for an "install and manage dashboard" skill. However, the SKILL.md also instructs adding an automated triage block to HEARTBEAT.md (agent/workspace behavior), which is arguably beyond a pure UI install and changes runtime agent behavior.
Instruction Scope
SKILL.md tells the user to append a block to HEARTBEAT.md that directs an agent to periodically GET localhost:3005/api/mission-control/tasks and automatically 'generate a proper title', set status to in_progress, and 'start working on it' — this grants broad, autonomous task-processing instructions. The setup script also reads ~/.openclaw/openclaw.json to auto-detect a gateway.token and writes an .env.local with that token. Reading/writing the user's OpenClaw config and modifying workspace behavioral files expands the skill's scope beyond installing a dashboard and could cause agents to act without finer-grained constraints.
Install Mechanism
This is an instruction-only skill with a bundled setup.sh that clones a GitHub repository (https://github.com/murtiurti4/quantumos.git) and runs npm install. Cloning a public GitHub repo and installing npm deps is expected for this purpose, but npm install will bring third-party packages (normal risk). There is no opaque remote binary download or URL shortener in the install script.
Credentials
The skill declares no required env vars but the script reads ~/.openclaw/openclaw.json to auto-detect gateway.token and writes OPENCLAW_GATEWAY_TOKEN and OPENCLAW_GATEWAY_PORT into the project's .env.local. It also creates files under ~/.openclaw/mission-control and ~/.openclaw/dashboard-data. These are relevant to the dashboard but would ideally be documented as required config access because they involve reading a local credential and writing data into the user's OpenClaw folder. The SKILL.md also suggests optionally adding an XAI_API_KEY for X feeds.
Persistence & Privilege
always:false and normal autonomous invocation are fine. The main concern is the instruction to append an automated triage block to HEARTBEAT.md (workspace/agent instructions). That is a modification to agent/workspace behavior and could give agents broad autonomous powers to start work on tasks. The skill does not itself force-enable persistent system-wide privileges, but it instructs the user to alter files that affect agent runtime behavior.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install quantumos - 安装完成后,直接呼叫该 Skill 的名称或使用
/quantumos触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.2.0
Auto MC triage setup, dynamic agent identity, XAI key prompt, default feed config
v0.1.0
Initial release
元数据
常见问题
QuantumOS 是什么?
Install and manage QuantumOS, an AI command center dashboard for OpenClaw. Use when the user wants to set up QuantumOS, start/stop the dashboard, troubleshoo... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 744 次。
如何安装 QuantumOS?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install quantumos」即可一键安装,无需额外配置。
QuantumOS 是免费的吗?
是的,QuantumOS 完全免费(开源免费),可自由下载、安装和使用。
QuantumOS 支持哪些平台?
QuantumOS 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 QuantumOS?
由 murtiurti4(@murtiurti4)开发并维护,当前版本 v0.2.0。
推荐 Skills