ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

QQBot Media Sender

一键发送图片/视频/文件到 QQ,支持批量发送和自动压缩

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 270 · 0 current installs · 0 all-time installs
byRao Lin@bg1avd
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The name/description promise 'send to QQ' (including batch sending, automatic compression, progress). However sender.js only checks files, enforces size limits, generates <qqimg>/<qqvideo>/<qqfile> tags with absolute paths, logs progress, and returns results. There are no network calls, no QQ API integration, and no code implementing compression. This mismatch (advertised sending vs. actual local tag generation) is a substantive incoherence. A plausible benign explanation is that another local QQBot service consumes these tags, but that relationship is not documented or enforced here.
!
Instruction Scope
SKILL.md instructs users to run the CLI to send files and gives examples that imply files will be transmitted. The instructions also reference scanning user directories (e.g., ~/.openclaw/workspace/*.pdf). The runtime instructions do not document that the tool merely emits tags for a separate service, so following them may give users a false sense that files were sent when they may not be. The tool reads any provided file paths and stat information (but does not exfiltrate contents).
Install Mechanism
No install spec is provided (instruction-only install), and the package includes the JS source and a bin entry. Nothing is downloaded from external URLs and no extraction is performed, which is low-risk from an installer perspective.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The code does not attempt to read environment secrets. This is proportionate.
Persistence & Privilege
always is false and there are no indications the skill requests persistent elevated privileges or modifies other skills' configurations. It is a normal CLI tool with no autonomous-install flags.
What to consider before installing
This package advertises sending media to QQ but the included sender.js only validates files and prints/emits tags (e.g., <qqimg>/abs/path</qqimg>) — it does not actually upload or send data to QQ or call any QQ API. Before installing or running it: 1) confirm how 'sending' is actually implemented in your environment (is there a separate QQBot that consumes these tags?), 2) inspect and test the CLI in a safe non-sensitive directory to verify behavior, 3) beware that it will resolve absolute file paths and read file metadata (it can enumerate and stat files you point it at), and 4) note features like compression are advertised but not implemented in the shipped code. If you need an automated sender, prefer a package that clearly documents and implements the network interaction, or ask the author for clarification. If you don't trust the author or lack clarity, do not run the tool on directories containing sensitive data.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk9765t6f5dfemddy2vfkddk6tn82qzqe

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

QQBot Media Sender

一键发送图片、视频、文件到 QQ 聊天窗口,支持批量发送和自动压缩。

功能特性

  • 图片发送:支持 jpg, png, gif, webp 等格式
  • 视频发送:支持 mp4, avi, mov 等格式
  • 文件发送:支持 pdf, docx, xlsx, zip 等格式
  • 批量发送:一次发送多个文件
  • 自动压缩:大文件自动压缩(可选)
  • 进度显示:实时显示发送进度

使用方法

发送单张图片

# 使用标签直接发送
<qqimg>/path/to/image.jpg</qqimg>

发送单个文件

# 使用标签直接发送
<qqfile>/path/to/document.pdf</qqfile>

批量发送

# 发送目录下所有图片
qqbot-send-media /path/to/images/ --type image

# 发送指定文件列表
qqbot-send-media file1.pdf file2.pdf file3.pdf

# 发送到指定 QQ 群
qqbot-send-media /path/to/file.jpg --group 843812FF4BA524086B77B60886C38AB3

命令行参数

参数说明默认值
--type文件类型:image, video, file, autoauto
--group目标 QQ 群号私聊
--compress是否压缩大文件false
--max-size最大文件大小 (MB)20
--delay发送间隔 (ms)1000

示例

示例 1: 发送工作区所有 PDF

qqbot-send-media ~/.openclaw/workspace/*.pdf --type file

示例 2: 发送图片到指定群组

qqbot-send-media /tmp/screenshot.png --group 843812FF4BA524086B77B60886C38AB3

示例 3: 批量发送并压缩

qqbot-send-media /photos/ --type image --compress --max-size 10

自动压缩规则

  • 图片 > 5MB: 自动压缩到 80% 质量
  • 视频 > 10MB: 提示并建议压缩
  • 文件 > 20MB: 自动分割或拒绝

支持的文件格式

图片

  • ✅ JPG/JPEG
  • ✅ PNG
  • ✅ GIF
  • ✅ WebP
  • ✅ BMP

视频

  • ✅ MP4
  • ✅ AVI
  • ✅ MOV
  • ✅ WMV

文档

  • ✅ PDF
  • ✅ DOC/DOCX
  • ✅ XLS/XLSX
  • ✅ PPT/PPTX
  • ✅ TXT
  • ✅ ZIP

故障排除

问题:发送失败

解决方案:

  1. 检查文件路径是否正确
  2. 检查文件大小是否超过 20MB
  3. 检查 QQBot 服务是否运行

问题:图片无法显示

解决方案:

  1. 确保使用 <qqimg> 标签
  2. 检查文件扩展名是否正确
  3. 尝试转换为 JPG 格式

技术细节

标签格式

<qqimg>路径</qqimg>   - 图片
<qqvideo>路径</qqvideo> - 视频
<qqfile>路径</qqfile>  - 文件
<qqvoice>路径</qqvoice> - 语音

API 调用

// 内部调用示例
const payload = {
  type: 'media',
  mediaType: 'image',
  source: 'file',
  path: '/absolute/path/to/file.jpg'
};

许可证

MIT

Files

4 total
Select a file
Select a file to preview.

Comments

Loading comments…