Security audit

QQBot Multi-Bind

Security checks across malware telemetry and agentic risk

Overview

This instruction-only QQBot setup skill is mostly coherent, but it includes broad access and session-sharing examples that users should review carefully before applying.

Install only if you are comfortable changing OpenClaw gateway routing. Before copying the examples, restrict allowFrom to trusted QQ users or groups, protect AppSecret/clientSecret values, avoid putting real secrets directly in shell history, set restrictive permissions on ~/.openclaw/openclaw.json, and do not enable sessions.visibility "all" unless you intentionally want agents to share session context.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill explicitly instructs users to pass AppID and AppSecret/clientSecret directly on the command line and store them in plaintext configuration files, but gives no warning about secret sensitivity, shell history exposure, process listing leakage, or file-permission hardening. In this context the skill is operational setup guidance for real bot credentials, so omission of secure-handling guidance materially increases the chance of credential disclosure and downstream bot/account compromise.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal