Is bramdo/quantum-lab safe?

https://github.com/openclaw/skills/tree/main/skills/bramdo/quantum-lab

97
SAFE

This skill appears to be a legitimate tool for quantum computing development that provides a wrapper for running Python scripts in a qiskit virtual environment. The skill contains a well-designed shell script with proper safety measures and shows no signs of malicious intent. All canary files remained intact during installation, indicating no data exfiltration attempts.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (3)

MEDIUM File system access during installation -5

The installation process accessed sensitive file paths, including .env, .ssh/id_rsa, and .aws/credentials, though no exfiltration occurred.

LOW Executable shell script present -10

The skill contains a shell script (qexec.sh) that activates a Python virtual environment and executes commands, though the script appears safe and well-designed.

LOW General code execution capabilities -5

The skill enables execution of arbitrary Python commands within a specified quantum computing environment, which carries inherent risks if the target repository contains malicious code.