ClawHub

QQ-Bot-connect

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed QQ messaging helper, but installing it lets an agent send real QQ messages and files when invoked.

Install only if you want your agent to send QQ messages through the qqbot message tool. Configure the openid carefully, test with your own account first, and require explicit confirmation before sending group messages, bulk messages, or any media/file attachment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger phrases are very broad and map to common QQ-related language, increasing the chance this skill activates when the user did not explicitly intend to send a message. Because the skill performs outbound messaging, accidental activation can lead to unintended message transmission or disclosure to a QQ contact or group.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill enables proactive sending of text, media, files, and bulk messages to QQ but provides no privacy, consent, or data-handling safeguards. In context, this makes accidental or unauthorized disclosure more dangerous, particularly when files or group messages are involved because a single mistake can expose sensitive content to multiple recipients.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The instruction on line 12 tells the agent to read a default recipient identifier from config and send messages to that QQ target, but it does not impose any authorization, confirmation, recipient validation, or scope restrictions. In a messaging skill, this creates a real risk of unintended or unauthorized outbound communication, especially because the default target appears to be a real user ('主人') and the trigger condition is broad enough to encourage implicit sends.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal