Skill v1.0.1

ClawScan security

QQBot Multi-Account · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 12, 2026, 2:06 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's files and runtime instructions match its stated purpose (diagnosing multi-account QQBot deployments and exporting a local plugin); nothing requests unrelated credentials or network access, though the included scripts read local OpenClaw config and can package the plugin directory (which may contain secrets) so users should review before running.
Guidance
This skill appears to do what it says: inspect local OpenClaw/qqbot configuration and create a tarball of the local qqbot extension. Before running:
(1) review your OpenClaw config (~/.openclaw/openclaw.json, or the path in OPENCLAW_CONFIG_PATH) and any client secret files referenced by clientSecretFile, so you are comfortable with those paths being printed or included;
(2) understand that export-local-qqbot.sh packages the entire extension directory (QQBOT_SRC_DIR or ~/.openclaw/extensions/qqbot), which may contain secrets or credentials; move or remove sensitive files first, or set QQBOT_SRC_DIR to a scrubbed copy;
(3) run the scripts locally in a safe environment (they make no outbound network calls);
(4) set QQBOT_EXPORT_DIR to a controlled location before exporting.
If you want stronger assurance, inspect the plugin directory contents and the referenced secret file locations before using the export script.
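The pre-export review above can be scripted. The block below is an added example, not part of the QQBot skill or of ClawHub's scanner: it lists every clientSecretFile path referenced in an OpenClaw config, flags any that lives inside the directory the export script would tar, scans that directory for secret-looking filenames, and shows the "export from a scrubbed copy" workaround. It assumes only that openclaw.json contains "clientSecretFile" string values (the surrounding JSON shape, the appId values and the fixture layout are constructed for the demo) and uses filename patterns as a heuristic, so it can miss secrets stored under innocuous names.

```bash
#!/usr/bin/env bash
# Added preflight check for export-local-qqbot.sh (example code, not the skill's own).
# Assumption: openclaw.json has "clientSecretFile": "<path>" entries; detection of
# other secrets is by filename pattern only.

# Print every clientSecretFile path referenced in an OpenClaw config, one per line.
list_client_secret_files() {
  local config="$1"
  grep -oE '"clientSecretFile"[[:space:]]*:[[:space:]]*"[^"]*"' "$config" \
    | sed -E 's/^"clientSecretFile"[[:space:]]*:[[:space:]]*"([^"]*)"$/\1/' || true
}

# Heuristic scan for files that should not end up in the exported tarball.
find_sensitive_files() {
  find "$1" -type f \( -iname '*.env' -o -iname '.env*' -o -iname '*secret*' \
    -o -iname '*.pem' -o -iname '*.key' -o -iname '*credential*' -o -iname '*token*' \)
}

canon() { ( cd "$1" 2>/dev/null && pwd -P ); }   # resolve symlinks (e.g. /var -> /private/var)

# 0 if FILE's directory is DIR or a subdirectory of it, 1 otherwise.
path_under_dir() {
  local file="$1" dir="$2" fdir ddir
  fdir=$(canon "$(dirname "$file")") || return 1
  ddir=$(canon "$dir") || return 1
  case "$fdir/" in "$ddir/"*) return 0 ;; esac
  return 1
}

# Report findings; returns 0 when the export directory looks clean, 1 otherwise.
preflight_qqbot_export() {
  local config="$1" src="$2" findings=0 p
  echo "== clientSecretFile paths referenced in $config"
  while IFS= read -r p; do
    [ -n "$p" ] || continue
    case "$p" in "~/"*) p="$HOME/${p#\~/}" ;; esac   # config paths may use ~
    if path_under_dir "$p" "$src"; then
      echo "WARN secret file lives inside the export dir and would be tarred: $p"
      findings=$((findings + 1))
    else
      echo "ok   $p (outside export dir)"
    fi
  done <<EOF
$(list_client_secret_files "$config")
EOF
  echo "== secret-looking files inside $src"
  while IFS= read -r p; do
    [ -n "$p" ] || continue
    echo "WARN $p"
    findings=$((findings + 1))
  done <<EOF
$(find_sensitive_files "$src")
EOF
  [ "$findings" -eq 0 ]
}

# Copy the extension to DEST and strip secret-looking files; point QQBOT_SRC_DIR at DEST.
make_safe_copy() {
  local src="$1" dest="$2" p
  cp -R "$src" "$dest"
  while IFS= read -r p; do
    [ -n "$p" ] && rm -f "$p"
  done <<EOF
$(find_sensitive_files "$dest")
EOF
  return 0
}

# Constructed fixture (hypothetical layout and values) so the check runs offline.
make_constructed_fixture() {
  local root; root=$(mktemp -d)
  mkdir -p "$root/extensions/qqbot/node_modules" "$root/secrets"
  printf 'placeholder\n' > "$root/secrets/acct-a.secret"            # outside export dir
  printf 'placeholder\n' > "$root/extensions/qqbot/acct-b.secret"   # inside: would be tarred
  printf 'QQ_TOKEN=placeholder\n' > "$root/extensions/qqbot/.env"   # inside: would be tarred
  printf 'module.exports = {};\n' > "$root/extensions/qqbot/index.js"
  cat > "$root/openclaw.json" <<EOF
{
  "qqbot": {
    "accounts": [
      { "appId": "10000001", "clientSecretFile": "$root/secrets/acct-a.secret" },
      { "appId": "10000002", "clientSecretFile": "$root/extensions/qqbot/acct-b.secret" }
    ]
  }
}
EOF
  echo "$root"
}

root=$(make_constructed_fixture)
if preflight_qqbot_export "$root/openclaw.json" "$root/extensions/qqbot"; then
  echo "clean: QQBOT_SRC_DIR=$root/extensions/qqbot is safe to export"
else
  echo "findings above; exporting from a scrubbed copy instead"
  make_safe_copy "$root/extensions/qqbot" "$root/qqbot-safe"
  preflight_qqbot_export "$root/openclaw.json" "$root/qqbot-safe" \
    && echo "clean: run export with QQBOT_SRC_DIR=$root/qqbot-safe"
fi
rm -rf "$root"
```

Against a real install, call preflight_qqbot_export with OPENCLAW_CONFIG_PATH (or ~/.openclaw/openclaw.json) and QQBOT_SRC_DIR (or ~/.openclaw/extensions/qqbot); a non-zero exit means review the listed paths before running export-local-qqbot.sh. The scrubbed-copy step only removes files the name heuristic catches, so still read the WARN lines rather than trusting the clean result blindly.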

Review Dimensions

Purpose & Capability
ok · Name/description (multi-account QQBot diagnostics and plugin export) align with the provided scripts and docs. The skill inspects OpenClaw config and known-users, and packages a local qqbot extension; all of this is expected for its stated troubleshooting/export purpose.
Instruction Scope
note · The runtime instructions invoke two included shell scripts that: (a) read the OpenClaw config (default ~/.openclaw/openclaw.json) and print bindings/accounts and the gateway port, and (b) tar the local qqbot extension directory (default ~/.openclaw/extensions/qqbot) into dist/. This stays within the troubleshooting/export scope, but the scripts will reveal appId and clientSecretFile paths and can include any files present in the plugin directory (potentially secret files) in the generated archive.
Install Mechanism
ok · No install spec and no network download/install steps: an instruction-only skill with bundled scripts. This is the lowest-risk install pattern and is coherent with the declared skill type.
Credentials
note · The skill declares no required env vars or credentials. The scripts honor optional environment variables (QQBOT_SRC_DIR, QQBOT_EXPORT_DIR, QQBOT_KNOWN_USERS, OPENCLAW_CONFIG_PATH) but do not require external credentials. This is proportionate, though these env vars are not documented in SKILL.md as optional overrides (minor documentation gap).
Persistence & Privilege
ok · always is false and the skill does not request persistent/system-wide privileges. It does not modify other skills or agent configs. Autonomous invocation is allowed by default but is not combined with other high-risk behaviors.