Skill v1.1.0
ClawScan security
QQBot Prompt Optimizer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Apr 1, 2026, 8:47 PM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's description says it will detect and replace QQ Bot system prompts, but there is no code, commands, or declared config paths — the instructions are vague and grant the agent broad, unspecified file-access authority.
- Guidance: This skill is suspicious because it promises to modify your QQ Bot's system prompt but gives no code, no commands, and no list of files it will touch. Before installing or running it:
  - Ask the publisher for the concrete implementation (script or exact commands) and a list of config file paths that will be read/modified. Refuse to run anything opaque.
  - Prefer a skill that provides source code you can review, or a small script you can run yourself. If you must use this, manually create SOUL.md and manually copy its contents into your bot's known system-prompt file, after making a backup.
  - Never give an automated agent blanket access to your filesystem; run any untrusted script in an isolated/test environment.
  If the skill later includes a clear, minimal script that only writes to a single documented QQ Bot config file (with backup/restore instructions), and shows example commands, this assessment could move to benign.
Review Dimensions
- Purpose & Capability (concern): The skill claims to 'detect and replace the default QQ Bot system prompt' and to 'run the optimizer', but there are no binaries, scripts, or install steps included. It doesn't declare the config paths it will read or write. A tool that edits bot configuration should specify which files/locations it touches; the absence of that is inconsistent with the stated purpose.
- Instruction Scope (concern): SKILL.md tells the user to create a SOUL.md and 'run the optimizer' but provides no concrete commands, file paths, or safe boundaries. That vagueness gives the agent broad discretion (e.g., where to look for configs, what files to modify), which is scope creep compared with the simple goal of copying a prompt into a known config file.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files. This minimizes supply-chain risk because nothing is downloaded or written by the installer itself.
- Credentials (note): The skill requests no environment variables or credentials, which is appropriate on the surface. However, its functionality implies it will need read/write access to the bot's configuration files; those required config paths are not declared. The missing declaration is a proportionality mismatch — the skill likely needs file-system access but doesn't specify what.
- Persistence & Privilege (ok): The skill is not marked 'always' and uses normal agent invocation defaults. It doesn't request persistent platform privileges in the metadata. The main concern is the undefined runtime behavior, not granted persistent privileges.
