OneBot Adapter
Review
Audited by ClawScan on May 10, 2026.
Overview
This looks like a real OneBot/QQ adapter, but it gives the agent broad QQ bot powers such as auto-sending messages and group moderation without clear guardrails.
Install only if you intentionally want OpenClaw to control a QQ bot through OneBot. Use a trusted local OneBot server, protect the token, review or remove the auto-reply and group-management examples, and require explicit approval before sending messages, kicking/banning users, deleting messages, or changing group settings.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used as written, a QQ group message could cause the bot to kick a member, which is a high-impact moderation action.
The documentation shows an incoming message handler triggering a group kick without any visible admin check, confirmation, allowlist, or approval step.
async def admin_handler(event):
    if event.get("message") == "/kick @user":
        ...
        client.set_group_kick(group_id, user_id)
Require explicit user/admin approval and permission checks before kick, ban, delete, rename, or other group-management actions.
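One way to put the missing checks in front of the kick call. This is an added example written for this review, not code from the adapter or from OpenClaw. It assumes the OneBot v11 group-message event shape (post_type, message_type, group_id, user_id, sender.role, raw_message, CQ:at mentions); the operator allowlist, the RecordingClient stand-in, and the `approved` flag (an out-of-band approval the agent framework would supply) are hypothetical. The gate only returns a decision; the actual kick happens only when the gate allows it and approval was given.

```python
import re
from typing import Any, Dict, List, Set, Tuple

# Matches an explicit @mention target in OneBot v11 CQ-code form, e.g. "[CQ:at,qq=20002]".
AT_RE = re.compile(r"\[CQ:at,qq=(\d+)\]")

# Hypothetical operator allowlist and accepted group roles; replace with real config.
OPERATOR_ALLOWLIST: Set[int] = {10001}
MODERATOR_ROLES = {"owner", "admin"}

# Constructed sample event (not captured traffic): an admin on the allowlist asks to kick 20002.
SAMPLE_ADMIN_EVENT: Dict[str, Any] = {
    "post_type": "message",
    "message_type": "group",
    "group_id": 123,
    "user_id": 10001,
    "self_id": 99999,
    "sender": {"user_id": 10001, "role": "admin"},
    "raw_message": "/kick [CQ:at,qq=20002]",
}


def kick_decision(event: Dict[str, Any], allowlist: Set[int] = OPERATOR_ALLOWLIST) -> Dict[str, Any]:
    """Decide whether a "/kick" group message may proceed. Never performs the kick."""
    if event.get("post_type") != "message" or event.get("message_type") != "group":
        return {"allow": False, "reason": "not a group message"}
    raw = str(event.get("raw_message", ""))
    if not raw.startswith("/kick"):
        return {"allow": False, "reason": "not a kick command"}
    sender = event.get("sender") or {}
    sender_id = int(event.get("user_id", 0))
    # 1. Requester must hold a group moderator role as reported by the OneBot server.
    if sender.get("role") not in MODERATOR_ROLES:
        return {"allow": False, "reason": "sender is not group owner/admin"}
    # 2. Requester must also be on the operator allowlist the bot owner controls.
    if sender_id not in allowlist:
        return {"allow": False, "reason": "sender not on operator allowlist"}
    # 3. Target must be an explicit @mention, never free text.
    match = AT_RE.search(raw)
    if match is None:
        return {"allow": False, "reason": "no @mention target"}
    target = int(match.group(1))
    # 4. Refuse to act on the requester or on the bot account itself.
    if target in (sender_id, int(event.get("self_id", -1))):
        return {"allow": False, "reason": "target is the requester or the bot"}
    return {"allow": True, "reason": "ok", "group_id": int(event["group_id"]), "target": target}


class RecordingClient:
    """Hypothetical stand-in for the adapter's OneBot client; records calls instead of sending them."""

    def __init__(self) -> None:
        self.kicks: List[Tuple[int, int]] = []

    def set_group_kick(self, group_id: int, user_id: int) -> None:
        self.kicks.append((group_id, user_id))


def execute_kick(client: RecordingClient, event: Dict[str, Any], approved: bool) -> bool:
    """Kick only when the gate allows it AND an explicit approval was obtained out of band."""
    decision = kick_decision(event)
    if not decision["allow"] or not approved:
        return False
    client.set_group_kick(decision["group_id"], decision["target"])
    return True


if __name__ == "__main__":
    demo = RecordingClient()
    print(kick_decision(SAMPLE_ADMIN_EVENT))
    print("kicked without approval:", execute_kick(demo, SAMPLE_ADMIN_EVENT, approved=False))
    print("kicked with approval:", execute_kick(demo, SAMPLE_ADMIN_EVENT, approved=True), demo.kicks)
```

The role check alone is not enough: `sender.role` is whatever the OneBot server reports, so the allowlist keeps the decision under the bot owner's control even if the server or group admin list is compromised.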
Running the listener can make the bot send messages without a fresh user confirmation, which may surprise users expecting a passive receiver.
The default listener advertised for receiving messages also sends automatic private replies based on inbound content, and because the same handler is registered under both the `message` and `private` event keys, a private `ping` may be answered twice.
listener.on("message", handle_private_message)
listener.on("private", handle_private_message)
...
    if message == "ping":
        client.send_private_msg(user_id, "pong")
Make auto-reply behavior opt-in, document it in the quick start, and avoid duplicate handler registration.
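The double reply and its fix, as an added example (not the adapter's code): a small dispatcher that routes a OneBot event to handlers registered under its post_type and its message_type. With `dedupe=False` it reproduces the behaviour the finding describes (one private `ping`, two `pong`s); with `dedupe=True` a handler runs once per event however many keys it was registered under, and auto-reply is off unless the listener was constructed with `auto_reply=True`. The Listener class, RecordingClient and the event dict are hypothetical and constructed for this example; the event field names follow OneBot v11.

```python
import asyncio
from collections import defaultdict
from typing import Any, Awaitable, Callable, Dict, List, Tuple

Event = Dict[str, Any]
Handler = Callable[[Event], Awaitable[None]]


class RecordingClient:
    """Hypothetical stand-in for the OneBot client; records outbound messages instead of sending them."""

    def __init__(self) -> None:
        self.sent: List[Tuple[int, str]] = []

    async def send_private_msg(self, user_id: int, text: str) -> None:
        self.sent.append((user_id, text))


class Listener:
    """Routes each event to handlers registered under event["post_type"] and event["message_type"]."""

    def __init__(self, auto_reply: bool = False, dedupe: bool = True) -> None:
        self.auto_reply = auto_reply  # opt-in: nothing is sent automatically unless True
        self.dedupe = dedupe          # False reproduces the duplicate-dispatch bug
        self._handlers: Dict[str, List[Handler]] = defaultdict(list)

    def on(self, key: str, handler: Handler) -> None:
        # Refuse to register the same handler twice under one key.
        if self.dedupe and handler in self._handlers[key]:
            return
        self._handlers[key].append(handler)

    async def dispatch(self, event: Event) -> int:
        """Run matching handlers and return how many handler invocations happened."""
        keys = [event.get("post_type"), event.get("message_type")]
        ran: List[Handler] = []
        for key in keys:
            for handler in self._handlers.get(key, []):
                # A handler registered under both "message" and "private" would otherwise run twice.
                if self.dedupe and handler in ran:
                    continue
                ran.append(handler)
                await handler(event)
        return len(ran)


def make_ping_handler(listener: Listener, client: RecordingClient) -> Handler:
    async def handle_private_message(event: Event) -> None:
        if not listener.auto_reply:
            return
        if event.get("message_type") == "private" and event.get("raw_message") == "ping":
            await client.send_private_msg(int(event["user_id"]), "pong")

    return handle_private_message


# Constructed sample event (not captured traffic): a private "ping" from user 10001.
PRIVATE_PING: Event = {
    "post_type": "message",
    "message_type": "private",
    "user_id": 10001,
    "raw_message": "ping",
}


def run_private_ping(auto_reply: bool, dedupe: bool) -> List[Tuple[int, str]]:
    """Register the handler the way the skill does (under both keys) and dispatch one ping."""
    client = RecordingClient()
    listener = Listener(auto_reply=auto_reply, dedupe=dedupe)
    handler = make_ping_handler(listener, client)
    listener.on("message", handler)
    listener.on("private", handler)
    asyncio.run(listener.dispatch(PRIVATE_PING))
    return client.sent


if __name__ == "__main__":
    print("buggy:   ", run_private_ping(auto_reply=True, dedupe=False))
    print("deduped: ", run_private_ping(auto_reply=True, dedupe=True))
    print("opt-out: ", run_private_ping(auto_reply=False, dedupe=True))
```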
Anyone or any agent flow with this token may be able to read bot account data and send or moderate QQ messages through the OneBot server.
The adapter uses a OneBot bearer token that can authorize actions as the QQ bot account.
self.token = token or os.getenv("ONEBOT_TOKEN", "")
...
self.headers["Authorization"] = f"Bearer {self.token}"
Use a dedicated, least-privileged bot token, keep it local, and declare/document the credential requirement clearly.
Private or group chat content may appear in local console logs or be passed to registered handlers.
The listener receives full OneBot events and prints them, which may include QQ message text, user IDs, group IDs, and notices.
message = await ws.recv()
event = json.loads(message)
print(f"\n[Event] {json.dumps(event, ensure_ascii=False, indent=2)}")
Connect only to trusted OneBot servers, prefer localhost with token authentication, and disable or redact event logging for sensitive chats.
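A redacting replacement for the `print` above, as an added example that is not part of the adapter. It keeps only routing metadata (event type fields), partially masks the numeric IDs, replaces message text with its length, and drops everything else (nicknames, cards, raw text). The field names are the OneBot v11 ones; the KEEP/ID_FIELDS sets and the sample event are assumptions constructed for this example.

```python
import json
from typing import Any, Dict

# Routing metadata that is safe to log verbatim (OneBot v11 field names).
KEEP = {"time", "self_id", "post_type", "message_type", "sub_type",
        "notice_type", "request_type", "meta_event_type"}
# Identifiers that are useful for correlation but should be masked.
ID_FIELDS = {"user_id", "group_id", "target_id", "operator_id"}


def mask_id(value: Any) -> str:
    """Keep the first and last two digits of an ID so log lines can still be correlated."""
    s = str(value)
    if len(s) <= 4:
        return "*" * len(s)
    return s[:2] + "*" * (len(s) - 4) + s[-2:]


def redact_event(event: Dict[str, Any]) -> Dict[str, Any]:
    """Return a copy of a OneBot event with chat content and personal data removed."""
    out: Dict[str, Any] = {}
    for key, value in event.items():
        if key in KEEP:
            out[key] = value
        elif key in ID_FIELDS:
            out[key] = mask_id(value)
        elif key in ("message", "raw_message"):
            # Log only the size: string length, or segment count for array-format messages.
            out[key + "_len"] = len(value) if isinstance(value, (str, list)) else 0
        elif key == "sender" and isinstance(value, dict):
            out["sender_role"] = value.get("role")  # nickname/card are dropped
        # Any other field (cards, titles, free text) is dropped.
    return out


def format_event_log(event: Dict[str, Any]) -> str:
    """The line to print in place of the full event dump."""
    return json.dumps(redact_event(event), ensure_ascii=False, sort_keys=True)


# Constructed sample event (not captured traffic).
SAMPLE_GROUP_MESSAGE: Dict[str, Any] = {
    "time": 1715300000,
    "self_id": 99999,
    "post_type": "message",
    "message_type": "group",
    "group_id": 987654,
    "user_id": 123456789,
    "sender": {"user_id": 123456789, "nickname": "alice", "role": "member"},
    "raw_message": "hello",
    "message": "hello",
}

if __name__ == "__main__":
    print("[Event]", format_event_log(SAMPLE_GROUP_MESSAGE))
```

Masking rather than hashing keeps the IDs recognisable to an operator reading the console while keeping full QQ numbers and message text out of logs that may be copied into tickets or shipped elsewhere.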
Users have little information for verifying where the adapter came from or how its Python dependencies should be installed.
The package provenance and dependency installation path are not well documented, even though Python scripts are included.
Source: unknown
Homepage: none
No install spec: this is an instruction-only skill.
Prefer a published source repository, documented dependency versions, and a clear install specification.
Once started, the listener will continue processing QQ events until the process is stopped.
The WebSocket listener is designed to keep running and reconnect while active; this is expected for a message listener and is not shown as hidden persistence.
while self.running:
    ...
    print("Reconnecting in 5 seconds...")
    await asyncio.sleep(5)
Run it only when needed, monitor its output, and stop it explicitly when the bot should no longer receive or respond to events.
