Quantum Lab
Pass
Audited by ClawScan on May 1, 2026.
Overview
The skill is a straightforward local command runner for a quantum lab repo, with no evidence of hidden exfiltration or destructive behavior, but users should understand it can run local commands in an existing virtual environment.
Install only if you trust the local quantum_lab repository and the ~/.venvs/qiskit environment. Prefer the reviewed qexec.sh wrapper, inspect any missing shorthand scripts before using them, and approve only commands you are comfortable running on your machine.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you ask the agent to run an unsafe command, it can execute that command in the quantum_lab repo and qiskit virtual environment.
The helper activates the configured virtual environment, changes into the lab repo, and executes the command arguments it receives. This is consistent with the skill's purpose, but it gives the agent local command execution authority when invoked.
    source "$VENV/bin/activate"
    cd "$ROOT"
    exec "$@"
Only invoke this skill with commands you intend to run locally, and review any command that modifies files, installs packages, starts services, or runs notebooks.
The shorthand commands may fail or could depend on files not present in the reviewed artifact set.
The documentation references scripts/gl and scripts/ql, but the provided manifest only includes scripts/qexec.sh. This appears to be an incomplete helper-script reference rather than hidden behavior, but users should verify what will actually be run.
- `bash <SKILL_DIR>/scripts/gl self-tests`
- `bash <SKILL_DIR>/scripts/gl playground`
...
- `gl <args>` → `bash <SKILL_DIR>/scripts/gl <args>`
- `ql <args>` → `bash <SKILL_DIR>/scripts/ql <args>`
Use the reviewed qexec.sh command directly unless scripts/gl and scripts/ql are present and you have inspected them.
Running these commands may execute local project code, start a local web service, or install Python packages into the venv.
The skill is explicitly designed to run local Python scripts, start a local server, and optionally install dependencies from a local requirements file. These are expected for the stated purpose, but they are still code execution and package-install actions.
- `bash <SKILL_DIR>/scripts/qexec.sh python quant_math_lab.py`
- `bash <SKILL_DIR>/scripts/qexec.sh python -m quantumapp.server --host 127.0.0.1 --port 8000`
- If dependencies are missing: `bash <SKILL_DIR>/scripts/qexec.sh pip install -r requirements.txt`.
Confirm the local quantum_lab repo and requirements.txt are trusted before running scripts, notebooks, servers, or dependency installation.
