QuantumOS

Warn

Audited by ClawScan on May 10, 2026.

Overview

QuantumOS appears to be a plausible OpenClaw dashboard, but it asks to run unpinned remote code, copies your OpenClaw gateway token, and adds persistent automation that can make the agent act on dashboard tasks.

Review the QuantumOS GitHub repository and npm package scripts before running setup. Be aware that setup copies your OpenClaw gateway token into the cloned app, and avoid the HEARTBEAT.md auto-triage block unless you are comfortable letting dashboard-created tasks direct future agent work.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running setup gives unreviewed remote code and dependencies the ability to execute locally with the user's privileges.

Why it was flagged

The installer fetches the actual application from an unpinned external repository and installs its dependencies. That remote app code is not included in the reviewed package, and npm install may execute package lifecycle scripts.

Skill content

REPO="https://github.com/murtiurti4/quantumos.git" ... git clone "$REPO" "$INSTALL_DIR" ... npm install --no-audit --no-fund

Recommendation

Install only if you trust the GitHub repository. Prefer a pinned commit, reviewed source, and lockfile; inspect package scripts before running npm install.

What this means

The dashboard may gain the same gateway access as the user's OpenClaw session, including agent-management or chat capabilities exposed by that gateway.

Why it was flagged

The script automatically reads the local OpenClaw gateway token and writes it into the dashboard environment file. This credential requirement is not reflected in the registry metadata, and the token will be available to the cloned dashboard app.

Skill content

OC_CONFIG="$HOME/.openclaw/openclaw.json" ... GW_TOKEN=$(python3 -c "import json; c=json.load(open('$OC_CONFIG')); print(c.get('gateway',{}).get('token',''))" ... cat > .env.local << EOF
OPENCLAW_GATEWAY_PORT=$GW_PORT
OPENCLAW_GATEWAY_TOKEN=$GW_TOKEN

Recommendation

Treat this like granting a credential. Verify the dashboard code first, use the least-privileged token available, and remove or rotate the token if you uninstall or stop trusting the app.

What this means

Future agent behavior can be driven by stored dashboard tasks, so an accidental or malicious task entry could influence what the agent works on later.

Why it was flagged

The skill asks to persist instructions in HEARTBEAT.md so future agent runs poll dashboard tasks and act on them. The artifacts do not define who can create those tasks, how task content is trusted, or when the user must approve execution.

Skill content

After setup, you MUST add Mission Control triage to your workspace's `HEARTBEAT.md`... For each inbox task: generate a proper title, set status to "in_progress", and start working on it

Recommendation

Do not add the HEARTBEAT.md automation unless you want this persistent behavior. Add explicit review/approval requirements and restrict who can create dashboard tasks.