QQBot Multi-Account

Security checks across malware telemetry and agentic risk

Overview

This QQBot operations skill is coherent and user-directed, but its diagnostic output and file-send examples can expose private bot/user details if shared carelessly.

Install only if you operate OpenClaw with QQBot. Treat inspect output as private: redact QQ user IDs, appIds, service details, and secret file paths before sharing; confirm every <qqfile> path and recipient; and pin the QQBot plugin version if reproducibility matters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 94%
Finding
The script prints account binding details, appId values, secret file paths, and the full contents of known-users.json directly to stdout with no masking, confirmation, or scope limitation. In an ops/diagnostics skill for multi-account bot environments, this increases the chance of accidental disclosure through terminal logs, copied troubleshooting output, shared sessions, or agent-visible transcripts, even if it does not directly exfiltrate data on its own.

VirusTotal

66/66 vendors flagged this skill as clean.
