ClawHub

Qiuqiu Helper

PassAudited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill Name: qiuqiu-helper Version: 0.1.0 The `SKILL.md` defines tools with high-risk capabilities that are susceptible to prompt injection. Specifically, `quick_note` allows writing to a 'specified file' and `clean_logs` allows deleting files from a 'specified directory'. While the descriptions imply benign defaults and restricted scopes ('in the memory folder', 'current logs directory'), the parameters (`file`, `path`) are broad. A malicious prompt could instruct the AI agent to use path traversal (e.g., `../../../../etc/passwd`) or target critical system directories (e.g., `/`) for file write or deletion, leading to data corruption, privilege escalation, or system compromise. The skill itself does not contain explicit malicious instructions, but its design exposes significant potential for abuse by a compromised agent.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

NoteHigh Confidence
ASI02: Tool Misuse and Exploitation
What this means

If used with the wrong directory or retention period, the agent could remove log files the user still needed.

Why it was flagged

The skill discloses a file-deletion capability. This is purpose-aligned for log cleanup, but deletion is a local mutating action and the optional path is not tightly specified.

Skill content
clean_logs
- Description: Deletes log files older than a specified number of days to save space.
- Parameters:
  - days: (Optional) Retention period in days, defaults to 7.
  - path: (Optional) Directory to clean, defaults to current logs directory.
Recommendation

Confirm the target directory and retention period before using clean_logs, and avoid pointing it at broad or important folders.

NoteHigh Confidence
ASI06: Memory and Context Poisoning
What this means

Sensitive or incorrect notes could remain available in future workspace context.

Why it was flagged

The skill intentionally persists user-provided text in a memory folder. This is coherent for a note-taking helper, but persistent notes can affect later context or expose sensitive text within the workspace.

Skill content
quick_note
- Description: Appends a quick timestamped note to a specified file in the memory folder.
- Parameters:
  - content: The text to save.
  - file: (Optional) Target filename, defaults to today's date.
Recommendation

Avoid saving secrets or highly sensitive information through quick_note, and periodically review stored notes.