QQBot Multi-Account
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill appears aligned with QQBot multi-account troubleshooting, but it can expose local bot configuration/user data and guide outbound QQ file sending, so outputs should be reviewed before sharing.
This skill is reasonable for QQBot operators, but run it only when you want local diagnostics or export. Before sharing its output or generated archive, check for QQ user identifiers, appIds, secret file paths, logs, or unintended local files.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill can execute local diagnostic/export commands on the user's machine.
The skill asks the user or agent to run bundled shell scripts. The scripts are visible and purpose-aligned, but local command execution is still a capability users should notice.
bash {baseDir}/scripts/inspect-qqbot.sh
...
bash {baseDir}/scripts/export-local-qqbot.sh
Run the scripts only when you intend to inspect or export the local QQBot/OpenClaw setup.
Local QQ user information could be exposed in terminal logs or copied into an agent conversation, and any user-controlled text should not be treated as instructions.
The diagnostic script prints persistent QQBot known-users data, which may contain QQ user identifiers, routing state, or user-controlled profile text.
KNOWN="${QQBOT_KNOWN_USERS:-$HOME/.openclaw/qqbot/data/known-users.json}"
...
cat "$KNOWN"
Review or redact known-users output before sharing it, and treat its contents as untrusted data.
Diagnostic output can reveal bot account identifiers and where credentials are stored locally.
The script reads the local OpenClaw config and prints QQBot account IDs, appIds, and client secret file paths, though it does not read the secret files themselves.
print(f' {key}: appId={value.get("appId")} secretFile={value.get("clientSecretFile")}')
Avoid posting raw diagnostic output publicly; redact appIds and secret file paths when not needed.
If used carelessly, a local file could be sent to a QQ recipient through the bot account.
The reference documents sending local files through QQBot. This is aligned with the stated proactive-send purpose, but it is an outbound data action.
Here is your file <qqfile>/path/to/file.md</qqfile> ...
This lets the plugin upload the file through the QQ file message API.
Confirm the recipient, accountId, and exact file path before sending QQ messages or files.
Future installs may receive a different QQBot plugin version than the one expected when this skill was written.
The prerequisite plugin install uses the @latest tag rather than a pinned version, so the installed code may change over time.
openclaw plugins install @tencent-connect/openclaw-qqbot@latest
Pin the QQBot plugin version if reproducibility or change control matters.
