ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openqq

v0.0.5

QQ bot integration for OpenClaw with session isolation, logging, and AI auto-reply. Supports private chat and group @messages.

0· 963· 4 versions· 2 current· 2 all-time· Updated 17h ago· MIT-0
byZao_hon@zaohon

Security Scans

VirusTotalSuspiciousClawScanSuspiciousStatic analysisSuspicious

Install

openclaw skills install openqq

OpenQQ Bot

QQ bot integration for OpenClaw. Enables AI auto-reply for QQ private chats and group @mentions with session isolation and comprehensive logging.

Quick Start

# Initialize config
npm run setup

# Install dependencies
npm install

# Edit config
vim ~/.openclaw/workspace/open-qq-config.json

# Start bot
npm start

Configuration

Edit ~/.openclaw/workspace/open-qq-config.json:

{
  "qq": {
    "appId": "YOUR_APP_ID",
    "token": "YOUR_TOKEN",
    "appSecret": "YOUR_APP_SECRET"
  }
}

Get credentials from QQ Open Platform.

Usage

npm start        # Start bot
npm run health   # Health check
npm run logs     # View today's logs
npm run status   # Check running status

Features

  • Session Isolation: Each user/group has independent conversation history
    • Private: qq-private-{user_openid}
    • Group: qq-group-{group_openid}
  • Comprehensive Logging: China timezone, log rotation, sensitive data filtering
  • Auto Reconnect: WebSocket auto-reconnect with heartbeat
  • Message Retry: Auto-retry failed messages (up to 2 times)
  • Graceful Shutdown: Clean shutdown on SIGTERM/SIGINT

Files

FileDescription
qq-bot.jsMain program (WebSocket + OpenClaw integration)
logger.jsLogging system (China timezone + rotation)
scripts/health-check.shHealth check script
package.jsonDependencies (axios, ws)

npm Commands

CommandDescription
npm startStart bot
npm run healthHealth check
npm run logsView logs
npm run setupInitialize config
npm run statusCheck status
npm run cleanClean node_modules

Security

  • Do not commit open-qq-config.json to version control
  • Set permissions: chmod 600 ~/.openclaw/workspace/open-qq-config.json
  • Uses spawn instead of exec to prevent command injection
  • Session IDs are whitelisted (alphanumeric + hyphen only)

Troubleshooting

IssueSolution
Config not foundRun npm run setup
Missing credentialsEdit config file with appId/token/appSecret
WebSocket failedCheck Token and network
No replyTest with openclaw agent --message "test"

Changelog

See CHANGELOG.md

v0.0.3 (Latest)

  • 7 new npm commands
  • FAQ section
  • Message retry mechanism
  • Graceful shutdown

License

MIT License

Links

Version tags

latestvk978h8r0exmnx5ej4qq3v8t2px81w4kp