Qqbot Installer

Security checks across malware telemetry and agentic risk

Overview

This installer is mostly transparent, but it can install arbitrary OpenClaw plugins and run code from the installed package, which is broader than a QQBot-only helper.

Install only if you intend to let this skill modify your OpenClaw plugin environment. Use it for a trusted openclaw-qqbot package and version, avoid the generic plugin example unless you trust that package, and expect it may run plugin-provided JavaScript and restart the gateway.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 93% confidence
Finding: The manifest and description scope this skill to installing/upgrading the QQBot plugin, but the documentation also provides a generic installer pattern for arbitrary plugins. That scope expansion is dangerous because a user or agent could invoke this skill to install unreviewed packages outside the intended trust boundary, effectively turning a narrowly scoped helper into a general plugin deployment mechanism.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The script explicitly executes a package-supplied script from the newly installed plugin directory via Node. Because plugin packages are untrusted supply-chain inputs in this installer context, this grants arbitrary code execution during installation with the privileges of the user running the upgrade, and the script provides no trust boundary, prompt, sandbox, signature check, or opt-in warning.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal