Back to skill

Security audit

Telegram → QQ 自动转发

Security checks across malware telemetry and agentic risk

Overview

This Telegram-to-QQ bridge has a coherent purpose, but it needs review because it automatically reads local session transcripts and forwards chat content while also exposing a real local command-injection risk.

Review before installing. Do not run this version as-is on a machine with sensitive data or trusted OpenClaw credentials unless the command execution is replaced with argument-based `spawn`/`execFile` or a native API, forwarding scope is explicitly limited, and users whose Telegram content may be bridged have consented.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The plugin reads a local OpenClaw session transcript file from a user/home-scoped path and forwards matching message content to QQ. Even if this is the stated bridge behavior, accessing transcript/session artifacts creates a privacy and data-boundary risk because it can expose local conversation data and silently exfiltrate content across platforms without strong scoping, consent, or validation.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The code constructs a shell command with interpolated values from message content and configuration, then executes it with execSync. This creates a command-injection risk because attacker-controlled text from Telegram or environment-derived configuration can break shell quoting and execute arbitrary local commands under the plugin's privileges.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The publishing instructions promote automatic forwarding of Telegram group messages to QQ but do not warn users that messages and potentially personal data are being copied across platforms. This creates a real privacy and consent risk because operators may deploy the bridge without informing affected users, causing unintended disclosure across different trust boundaries.

Missing User Warnings

Low
Confidence
72% confidence
Finding
The document instructs users to place QQ identifiers and account information in environment variables without any guidance on protecting those values. While not an exploit by itself, this is a valid security weakness because sensitive configuration may be exposed via shell history, process listings, CI logs, or shared environment files.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The quickstart explicitly describes automatic forwarding from a Telegram group to QQ but does not present a clear user-facing warning about cross-platform message transfer, privacy implications, or consent requirements. This is dangerous because operators or group participants may not realize messages are being bridged to another platform, increasing the risk of unauthorized disclosure of private or sensitive communications.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README promotes automatic Telegram-to-QQ forwarding without any privacy, consent, or data-sharing warning, which can lead users to deploy cross-platform message replication without understanding that potentially sensitive group content will be copied to another service. In this skill context, the risk is heightened because it bridges messages between distinct platforms and audiences, increasing the chance of unintended disclosure or policy violations.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README instructs users to point the skill at a Telegram session file but does not warn that session artifacts may contain authentication material, chat history references, or other sensitive data whose exposure could enable account compromise or privacy breaches. In this skill context, accessing agent session files is especially dangerous because it normalizes reading high-value local secrets and may encourage insecure storage, broad file permissions, or accidental leakage via logs and backups.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly describes automatic forwarding of Telegram group messages to a QQ private chat, which creates a real privacy and data-sharing risk because messages from one platform and audience are silently replicated to another. In this context, the danger is heightened by the documented automatic startup and always-on listener behavior, while the documentation does not mention consent, access control, message filtering, retention, or any warning to affected users.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill forwards user-originated Telegram content to QQ but provides no in-code disclosure, consent flow, or visibility controls for that cross-platform transfer. In context, this makes the bridge more dangerous because it operates automatically at startup and reads local transcript data, increasing the chance of unintentional sharing of sensitive messages.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.destructive_delete_command

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
index.js:106

Documentation contains a destructive delete command without an explicit confirmation gate.

Warn
Code
suspicious.destructive_delete_command
Location
FINAL_STATUS.md:135

Documentation contains a destructive delete command without an explicit confirmation gate.

Warn
Code
suspicious.destructive_delete_command
Location
PUBLISH_INSTRUCTIONS.md:153