Back to skill
Skillv0.1.0
VirusTotal security
Quantinuumclaw · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:59 AM
- Hash
- 2b36071aeb249653045934bdcf5ca9bd75667730a8135b9a0db4b2ddf91c7359
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: quantinuumclaw Version: 0.1.0 The skill bundle is suspicious due to several vulnerabilities in the generated code and default configurations, rather than intentional malice. The `assets/selene-template/main.py` file defaults to a wide-open CORS policy (`allow_origins=["*"]`), which is a significant security flaw, despite a `TODO` comment. Additionally, the `scripts/lovable_integrate.py` script generates frontend files by directly embedding user-provided arguments (like `app-name`, `quantum-use-case`, `backend-url`) into HTML and JavaScript templates without sanitization, creating a reflected XSS vulnerability in the generated frontend if the AI agent is prompted with malicious input. The skill's documentation, however, provides good security advice, such as using Fly.io secrets for API keys and synthetic data for clinical demos.
- External report
- View on VirusTotal