Skill v0.1.0

ClawScan security

Quantinuumclaw · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 3, 2026, 1:57 PM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill and its files are coherent with its stated purpose (scaffolding, running, and deploying Guppy/Selene quantum apps to Fly.io); there are no obvious attempts to exfiltrate secrets or perform unrelated actions, but the package lacks provenance and has a few minor documentation/metadata inconsistencies you should review before use.
Guidance
This bundle appears to do what it says — scaffold a FastAPI backend (Selene), example Guppy circuits, a React frontend, and helpers to deploy to Fly.io. Before you use it:

1) Verify provenance — the README points to a GitHub repo (arunnadarasa/quantinuumclaw); check that upstream source and commits.
2) Inspect scripts that run automatic actions (scripts/flyio_deploy.py, scripts/create_quantum_app.py, scripts/setup_selene_service.py) for any network calls or shell execution you don't expect.
3) Don't put PHI in inputs; follow the SKILL.md admonition to use synthetic/de-identified data.
4) Secrets: when targeting real hardware set QUANTUM_API_KEY via Fly.io secrets (do not commit keys or put them in frontend code). Also review the frontend proxy and CORS settings (templates allow_origins=["*"]) and restrict them for production.
5) When told to install tools (flyctl via curl|sh or pip/npm), prefer installing from trusted package sources or review the install script first.

If you want higher assurance, run the templates locally in an isolated dev environment, review Dockerfile and deploy scripts, and scan the repository with your standard supply-chain/security tooling.

Review Dimensions

Purpose & Capability
ok: The repository contents (scripts to scaffold backends/frontends, a Selene FastAPI template, Fly.io deploy helpers, and a Lovable React frontend) match the skill's declared purpose of building and deploying Quantinuum/Guppy/Selene apps. No unrelated binaries or credentials are requested in the metadata.
Instruction Scope
ok: SKILL.md instructs the agent and user to run local Python scripts, edit generated code, set Fly.io secrets for hardware access, and deploy to Fly.io. The instructions stay within the expected scope (scaffolding, running quantum circuits, deployment). They explicitly warn about PHI and recommend storing API keys in Fly.io secrets. No instructions ask the agent to read arbitrary host files or exfiltrate unrelated data.
Install Mechanism
note: The skill is instruction-only (no registry install spec), so nothing is automatically downloaded by the platform. The docs recommend installing external tools (flyctl via curl install script) and Python/Node dependencies when you run the templates locally; those are normal but carry the usual risk of running install scripts obtained at the time of user execution. Review any remote install commands (e.g., curl | sh) and the scripts that invoke CLI tools before running them.
Credentials
note: Registry metadata lists no required environment variables, which is reasonable for a template skill. However the templates and docs reference optional secrets/env vars (QUANTUM_API_KEY, VITE_API_KEY, API_KEY, PORT, QUANTUM_HARDWARE) that are needed when targeting real hardware or enabling auth. This is not malicious but is a small inconsistency between metadata and file contents—users must still supply these secrets when using hardware or production deployments.
Persistence & Privilege
ok: The skill does not request always:true and does not appear to modify other skills or system-wide settings. It is user-invocable and can be run by the agent, which is the platform default and expected for a scaffolding/deployment skill.