Add QQBot Account

Review

Audited by ClawScan on May 12, 2026.

Overview

This instruction-only skill is coherent for adding QQ Bot accounts, but it involves bot credentials, live gateway configuration changes, and optional persistent agent workspaces that users should review.

Safe to consider if you intend to add a QQ Bot to OpenClaw Gateway. Before using it, back up ~/.openclaw/openclaw.json, protect any appId/clientSecret values, prefer SecretRef or the credentials store for production, and only create a separate agent workspace if you really want independent memory and persona for that bot.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone who can read the OpenClaw config may be able to obtain the QQ Bot secret and act as that bot.

Why it was flagged

The skill explicitly handles QQ Bot app secrets and may store them in plaintext configuration. This is expected for adding a bot account and is disclosed, but the credential exposure is important.

Skill content

- **Credentials are in plaintext** in `openclaw.json` by default. For production, consider SecretRef (env var or file-backed).

Recommendation

Prefer the credential store or SecretRef for production, restrict file permissions on openclaw.json, and avoid pasting real secrets into shared chats or logs.

What this means

A malformed or unintended config change could disrupt the active Gateway or route bot messages differently right away.

Why it was flagged

Saving the config can immediately change behavior of the running Gateway. This is purpose-aligned, but mistakes in the config could affect active bot routing without a separate deployment step.

Skill content

5. **Save** — Gateway hot-reloads automatically; no restart needed

Recommendation

Back up openclaw.json before editing, validate the JSON carefully, and make changes during a safe maintenance window if the Gateway is in production.

What this means

If enabled, the new bot may retain separate context and behavior that persists across future interactions.

Why it was flagged

The optional multi-agent path creates persistent workspace/persona files and separate memory for the new bot. The skill says to ask the user first, so this is disclosed and user-directed.

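Skill content

If the user wants the new bot to have **an independent persona and memory** (multi-agent mode)... place files such as `SOUL.md` and `USER.md` in that workspace to define its persona.

Recommendation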

Only enable a separate agent when needed, review the workspace files, and avoid placing sensitive or untrusted instructions in SOUL.md or USER.md.