QQBot Multi-Bind
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill mostly matches its QQBot setup purpose, but it recommends very broad bot access and global cross-agent session sharing without clear limits or warnings.
Install only if you understand OpenClaw gateway and QQBot routing settings. Before copying the examples, replace allowFrom: ["*"] with a narrow allow list, protect AppSecret/clientSecret values, and avoid enabling sessions.visibility: "all" unless you intentionally want agents to share session context.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If copied as-is, the bot may allow unintended QQ users or groups to interact with the configured agents.
The example QQBot channel configuration uses a wildcard allow list, which appears to permit broad inbound access to the configured bot/agent route without guidance on restricting trusted users or groups.
"allowFrom": ["*"],
Restrict allowFrom to specific trusted users, groups, or channels, and document the access implications before exposing the gateway.
Agents may be able to access session information from other agents, increasing the chance of unintended data exposure or cross-agent context contamination.
The FAQ recommends enabling cross-agent session access globally, which can expose conversation/session context across agents and is not necessary for basic QQBot multi-account binding.
"tools": { "sessions": { "visibility": "all" } }
Avoid enabling global session visibility unless it is required; prefer per-agent or per-task scoping and warn users what data becomes shared.
Anyone with access to the OpenClaw configuration or shell history may be able to use the QQBot credentials.
The setup necessarily handles QQBot AppID/AppSecret credentials and persists clientSecret values in OpenClaw configuration.
openclaw channels add --channel qqbot --token "AppID:AppSecret"
Protect the configuration file, avoid sharing logs or command history containing secrets, and rotate QQBot secrets if they are exposed.
A changed or compromised upstream script could affect the local OpenClaw installation or receive the supplied QQBot secret.
One optional install method runs a script from a freshly cloned, unpinned GitHub repository and passes QQBot credentials to it.
git clone https://github.com/tencent-connect/openclaw-qqbot.git && cd openclaw-qqbot
bash ./scripts/upgrade-via-source.sh --appid YOUR_APPID --secret YOUR_SECRET
Prefer the documented package install when possible, or review and pin the source repository before running scripts with credentials.
