ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

量子密信-Openclaw对接

v1.0.2

帮助中国电信同人及客户实现通过量子密信调用 OpenClaw 机器人。支持文本、图片、附件及状态栏反馈。

1· 558·0 current·0 all-time
by@codenamelokcon

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for codenamelokcon/quantum-messenger.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "量子密信-Openclaw对接" (codenamelokcon/quantum-messenger) from ClawHub.
Skill page: https://clawhub.ai/codenamelokcon/quantum-messenger
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: QUANTUM_KEY
Required binaries: node
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install codenamelokcon/quantum-messenger

ClawHub CLI

Package manager switcher

npx clawhub@latest install quantum-messenger
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the code: listener receives webhook messages and forwards them to OpenClaw, then returns text/media via the Quantum Messenger webhook. Required binary (node) and QUANTUM_KEY credential are appropriate for this integration. The script expects an installed OpenClaw CLI (documented in README), so the requested items are proportionate to the declared purpose.
!
Instruction Scope
The runtime instructions and code go beyond simple message forwarding in risky ways: the listener executes a shell command 'openclaw agent --message <json>' by interpolating JSON directly into a shell string (child_process.exec), which makes the host vulnerable to command injection from attacker-controlled input. The listener also inspects AI responses for local file paths (IMAGE:/FILE:) and, if present, will read arbitrary local files and upload them to an external endpoint — this can exfiltrate sensitive files from the server. Network calls use plain HTTP with the QUANTUM_KEY in query strings, exposing the key in transit and logs. These behaviors are functional for the feature set but are high-risk and should be hardened.
Install Mechanism
No external install spec (instruction-only with included scripts) — low install risk. The code does not pull remote archives or execute installation downloads. The README asks operators to ensure OpenClaw is installed separately; that is consistent and expected.
Credentials
Only QUANTUM_KEY (and optionally QUANTUM_PORT) are required — that is proportionate. However, the code transmits that key in plaintext over HTTP to imtwo.zdxlz.com and uses it as a direct query parameter for upload/send operations, which increases credential exposure risk. The single env var is sensible, but transport and endpoint selection weaken that proportionality.
Persistence & Privilege
The skill does not request always:true or other elevated platform privileges; it is user-invocable and does not auto-enable itself. It does run a persistent HTTP server (normal for webhook integrations) but does not modify other skills or system-wide agent settings.
What to consider before installing
This skill appears to implement the advertised Quantum Messenger <-> OpenClaw bridge, but it has concrete implementation risks you should address before deploying: - Command injection risk: the code builds a shell command with unescaped JSON (exec). Replace exec with a safe invocation (child_process.spawn with argument array) or otherwise sanitize input to avoid arbitrary command execution. - Arbitrary-file upload / exfiltration: the listener will upload any local file path returned by the AI (IMAGE:/FILE:) to an external host (imtwo.zdxlz.com). Restrict what paths are allowed, run the service with least filesystem privileges, and audit what files might be accessible. - Plain HTTP + key-in-query: the upload/send endpoints use http and include QUANTUM_KEY in the URL query string, which exposes credentials in transit and in logs. Use HTTPS endpoints and send auth in headers where possible. Verify whether imtwo.zdxlz.com is an official/trusted Quantum Messenger endpoint; if not, do not send sensitive data. - Network trust and isolation: run this service in a locked-down container or VM with minimal privileges and limited outbound network access to only the known Quantum endpoints. Monitor logs for unexpected uploads. - Additional checks: confirm the ownership/trustworthiness of the imtwo.zdxlz.com host; audit and pin the OpenClaw CLI binary you run; rotate QUANTUM_KEY after testing. If you cannot confirm the upstream endpoint and cannot harden command execution and file-access logic, treat this skill as risky and avoid deploying it on systems that hold sensitive data.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Binsnode
EnvQUANTUM_KEY
Primary envQUANTUM_KEY
latestvk97axqzpjfwh1yrgsthjt9z7c982d5pp
558downloads
1stars
3versions
Updated 8h ago
v1.0.2
MIT-0
@codenamelokcon
latest
Download

Quantum Messenger IM Skill

本技能由上海电信政支中心/量子能力中心技术经理程沛及他的openclaw机器人助手:1号机(Gemini)共同开发。

核心配置

  1. 端口: 默认 9001 (需安全组放通)。
  2. 机器人类型: 量子密信自定义会话机器人。
  3. KEY: 填入 scripts/ 目录下脚本对应位置。

开发者备注

  • 文本回复: content 字段提取。
  • 图片发送: type=1, imageMsg 字段。
  • 附件发送: type=2, fileMsg 字段。
  • 回调地址: 量子密信 APP 内机器人设置 URL。

详情请参阅 README.md。

Comments

Loading comments...