qqbot

v1.0.0

Configure and manage an official QQ bot, with support for identity authentication, IP whitelisting, Webhook/WebSocket connections and OpenClaw AI integration.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name and description match the included runtime code (qq_official_bot.py, the daemon script and the AI handler). The package also contains several publishing/automation scripts (playwright/agent-browser) for pushing the skill to ClawHub; these are unrelated to running the bot and are plausible as author tooling, but they widen the repository footprint beyond its stated purpose. More importantly, config.example.json contains a clientSecret-like value that looks like a real credential, which contradicts PUBLISH.md's claim that the templates are 'desensitized'.
Instruction Scope
The runtime instructions in SKILL.md cover setting APP_ID/APP_SECRET, adding the IP whitelist, copying files into ~/.openclaw/workspace, and starting the daemon and the AI handler; that scope is coherent. However, several bundled scripts (publish-*.js, publish-*.sh, publish-helper.sh) read files from ~/Desktop and drive the local browser, and install.sh copies files from the current directory into ~/.openclaw/workspace. These actions touch the user's filesystem and browser state and are not declared in the SKILL metadata. SKILL.md also does not warn about the credential-like value embedded in config.example.json.
Install Mechanism
There is no formal install spec (the registry entry is instruction-only), which limits what can be executed automatically. The repository ships an install.sh that installs Python packages with pip --user (requests, aiohttp, websockets) and copies scripts into ~/.openclaw/workspace. The Node files depend on playwright (package.json), which may download browser binaries when installed. None of this is executed by the registry install step, but running the bundled scripts will perform local installs and may fetch browser binaries. The files themselves contain no remote download URLs or archive extraction steps.
Credentials
The registry metadata declares no required environment variables or primary credential, yet the runtime clearly needs APP_ID and APP_SECRET (the instructions tell the user to edit the files or openclaw.json). config.example.json contains an AppId and a clientSecret-like string (bgmsz7FOX...). Embedding what looks like a real secret in an example file is a red flag: it is either a leaked credential or a careless placeholder that could mislead users. The skill also uses paths under the user's home directory (~/Desktop, ~/.openclaw) and reads and writes request/response files there, which is acceptable for a local integration but worth noting.
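Deciding whether an example value is an honest placeholder or a live credential can be automated before the file is ever used. The following is an added example written for this review, not code from the qqbot skill or from OpenClaw. It assumes a JSON config with nested objects and applies a placeholder-pattern check before an entropy threshold, because a wordy placeholder such as YOUR_APP_SECRET_HERE has enough distinct characters to pass an entropy test on its own. The sample config is constructed and does not contain the value found in the skill; the key and placeholder patterns are assumptions.

```python
import json
import math
import re

# Keys whose values should never be a real credential in an example file.
SECRET_KEY_RE = re.compile(r"secret|token|password|passwd|api_?key|private", re.I)

# Shapes a deliberate placeholder takes. Checked BEFORE entropy, because a
# wordy placeholder like YOUR_APP_SECRET_HERE has enough distinct characters
# to pass an entropy threshold on its own.
PLACEHOLDER_RE = re.compile(
    r"^(<.*>|\{\{.*\}\}|\$\{.*\})$"                     # <value>, {{value}}, ${VAR}
    r"|your[_-]?|replace|change[_-]?me|example|dummy|placeholder"
    r"|^(x+|0+|\*+)$",                                   # xxxx, 0000, ****
    re.I,
)

MIN_SECRET_LEN = 16      # shorter strings are too ambiguous to call real
MIN_ENTROPY_BITS = 3.0   # per-character Shannon entropy; random tokens sit near 4-5


def shannon_entropy(s: str) -> float:
    """Per-character Shannon entropy estimated from the string's own distribution."""
    if not s:
        return 0.0
    counts: dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def classify_value(value: str) -> str:
    """'placeholder', 'likely_real' or 'unclear' for one credential-like value."""
    if PLACEHOLDER_RE.search(value):
        return "placeholder"
    if len(value) >= MIN_SECRET_LEN and shannon_entropy(value) >= MIN_ENTROPY_BITS:
        return "likely_real"
    return "unclear"


def find_suspect_secrets(config_text: str) -> list[tuple[str, str]]:
    """Walk a JSON document; return (dotted.path, verdict) for each secret-like key."""
    findings: list[tuple[str, str]] = []

    def walk(node, path: str) -> None:
        if isinstance(node, dict):
            for k, v in node.items():
                walk(v, f"{path}.{k}" if path else k)
        elif isinstance(node, list):
            for i, v in enumerate(node):
                walk(v, f"{path}[{i}]")
        elif isinstance(node, str):
            key = path.rsplit(".", 1)[-1]
            if SECRET_KEY_RE.search(key):
                findings.append((path, classify_value(node)))

    walk(json.loads(config_text), "")
    return findings


# Constructed sample, not the skill's config.example.json: one honest
# placeholder and one value with the shape of a live token.
CONSTRUCTED_CONFIG = json.dumps({
    "appId": "102000000",
    "clientSecret": "YOUR_APP_SECRET_HERE",
    "webhook": {"token": "aB3kQ9zL0pW7xN2vR5tY8uC1"},
})

if __name__ == "__main__":
    for path, verdict in find_suspect_secrets(CONSTRUCTED_CONFIG):
        print(f"{path}: {verdict}")
```

A "likely_real" verdict is a prompt to verify, not proof: the only reliable check is whether the value still authenticates against the developer console, after which it must be rotated regardless. Note that the AppId is not flagged, because an application identifier is not a secret on its own.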
Persistence & Privilege
The skill starts a background daemon (qq_bot_daemon.sh launches a nohup python process and writes pid and log files) and writes to ~/.openclaw/workspace. The metadata sets always to false and disable-model-invocation to false, which is the normal configuration. A daemon and a queue directory are expected for a bot, but they mean the skill keeps running in the background once the user starts it. That is not excessive in itself; users should simply be aware of the persistent process and the files written under their home directory.
What to consider before installing
Summary of what to check before installing:
- Treat the example credential as suspicious. config.example.json contains an AppID and a clientSecret-like string. Do not assume it is a safe placeholder; verify that it is not a real, active secret. If you ever ran this code with that secret, rotate it in the QQ developer console immediately.
- The skill does not declare its required credentials in metadata. You must supply APP_ID and APP_SECRET yourself (by editing qq_official_bot.py or openclaw.json). Prefer a secure config store or environment variables over committing secrets to code.
- install.sh pip-installs dependencies into your user environment and copies scripts into ~/.openclaw/workspace. Read install.sh before running it, and consider an isolated environment (container or VM) if you are unsure.
- The repository includes multiple publishing automation scripts (playwright/agent-browser). They interact with your browser and with files on ~/Desktop (for example, they try to upload ~/Desktop/qqbot-v1.0.0.zip). Do not run them unless you intend to publish and understand that they will access your filesystem and may drive a browser.
- Runtime behaviour: the bot reads and writes files in ~/.openclaw/workspace/qq_queue to exchange messages with the local AI handler, and runs as a background process once the daemon is started. That is expected, but be aware of the persistent process and of local files that contain message contents.
- If you proceed: remove any embedded secrets from the repository and replace them with clear placeholders, set your own APP_ID/APP_SECRET, inspect and if necessary simplify or remove the publishing scripts, and run the install and start steps in an isolated environment until you are confident.
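A static pass over the shipped scripts gives a quick picture of which of the behaviours the checklist above names (package installs, ~/Desktop access, writes under ~/.openclaw, nohup daemons, browser automation, remote downloads) each file implies, before anything is executed. This is an added example for this review, not code from the qqbot skill; the regex patterns are assumptions tuned to shell, JavaScript and Python, and the sample files are constructed to resemble the install, daemon and publishing scripts the review describes, not copies of them.

```python
import re
import tempfile
from pathlib import Path

# Each behaviour maps to a regex over the raw script text. The behaviour set is the
# one the review enumerates; the patterns themselves are assumptions.
BEHAVIOUR_PATTERNS = {
    "installs_packages": re.compile(r"\b(pip3?|npm|npx|yarn)\s+(install|i)\b|playwright\s+install"),
    "reads_desktop": re.compile(r"(~|\$HOME|HOME\})/Desktop|homedir\(\)[^\n]*Desktop"),
    "writes_home_config": re.compile(r"(cp|mv|tee|>>?)\s+[^\n]*~/\.[\w-]+/|~/\.openclaw"),
    "background_daemon": re.compile(r"\bnohup\b|\bsetsid\b|\bdisown\b|(?<![&>])&\s*$|\.pid\b", re.M),
    "browser_automation": re.compile(r"\bplaywright\b|chromium|puppeteer|agent-browser"),
    "remote_download": re.compile(r"\b(curl|wget)\b[^\n]*https?://|urllib\.request|requests\.get\("),
}
AUDITED_SUFFIXES = {".sh", ".js", ".mjs", ".py"}


def audit_text(text: str) -> set[str]:
    """Names of every behaviour whose pattern matches somewhere in the text."""
    return {name for name, rx in BEHAVIOUR_PATTERNS.items() if rx.search(text)}


def audit_dir(root) -> dict[str, set[str]]:
    """Map each script under root (relative path) to its non-empty behaviour set."""
    root = Path(root)
    report: dict[str, set[str]] = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix in AUDITED_SUFFIXES:
            found = audit_text(p.read_text(errors="replace"))
            if found:
                report[str(p.relative_to(root))] = found
    return report


# Constructed stand-ins for the kinds of files the review describes; not the
# skill's actual scripts. SKILL.md is included to show that docs are skipped.
CONSTRUCTED_FILES = {
    "install.sh": (
        "#!/bin/bash\n"
        "pip3 install --user requests aiohttp websockets\n"
        "mkdir -p ~/.openclaw/workspace\n"
        "cp qq_official_bot.py ~/.openclaw/workspace/\n"
    ),
    "qq_bot_daemon.sh": (
        "#!/bin/bash\n"
        "cd ~/.openclaw/workspace\n"
        "nohup python3 qq_official_bot.py > qq_bot.log 2>&1 &\n"
        "echo $! > qq_bot.pid\n"
    ),
    "publish-helper.js": (
        "const { chromium } = require('playwright');\n"
        "const zip = `${process.env.HOME}/Desktop/qqbot-v1.0.0.zip`;\n"
    ),
    "SKILL.md": "# qqbot\nSet APP_ID and APP_SECRET, then run the daemon.\n",
}


def audit_samples() -> dict[str, set[str]]:
    """Write the constructed files to a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as d:
        for name, text in CONSTRUCTED_FILES.items():
            Path(d, name).write_text(text)
        return audit_dir(d)


if __name__ == "__main__":
    for path, behaviours in audit_samples().items():
        print(f"{path}: {', '.join(sorted(behaviours))}")
```

Run it against the unpacked skill with audit_dir("path/to/qqbot") and compare the report with what SKILL.md declares; any behaviour present in a script but absent from the metadata is the gap the review points at. Pattern matching of this kind is a triage aid, not a sandbox: obfuscated or dynamically built commands will not match, so a clean report still does not replace reading install.sh before running it.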


latest: vk97dymfbgyt63f1pvqx1ppe5z981p1gs
