Qmsg Push

v0.1.0

Qmsg 酱推送，通过 QQ 主动发送消息通知，无需 API Key

⭐ 0· 67·0 current·0 all-time

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for timethreesecond/qmsg-push-skills.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Qmsg Push" (timethreesecond/qmsg-push-skills) from ClawHub.
Skill page: https://clawhub.ai/timethreesecond/qmsg-push-skills
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install qmsg-push-skills

ClawHub CLI

Package manager switcher

npx clawhub@latest install qmsg-push-skills

Security Scan

Capability signals

Requires sensitive credentials

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The skill's declared purpose (push messages via qmsg.zendee.cn) matches the included script which calls that service. However the README/SKILL.md claim '无需 API Key' while both the README and script require a Qmsg KEY — this contradiction is significant.

Instruction Scope

SKILL.md and README instruct the agent to read a secrets file (~/.workbuddy/secrets.json) and the script reads a secrets.json file, but the script looks for secrets.json in its own directory (path mismatch). The skill also tells an agent to 'create temporary agent' and read local secret files — reading local secrets is within the feature's scope but the undocumented/ambiguous path and the SKILL.md/registry not declaring the config path is a scope-management problem.

✓

Install Mechanism

Instruction-only skill with a small Python script included and no install spec; nothing is downloaded or written by an installer. Low install risk.

Credentials

Registry metadata declares no required env vars/config paths/primary credential, yet the README and code require a Qmsg KEY stored in a secrets.json file. The skill fails to declare its required secret and contradicts its 'no API Key' claim — this is disproportionate and confusing for users.

✓

Persistence & Privilege

always is false and the skill does not request persistent system-wide privileges or modify other skills. Normal agent invocation is allowed (default).

What to consider before installing

Do not install blindly. The skill actually requires a Qmsg KEY (contradicting the 'no API Key' description) and expects a secrets.json but the path is ambiguous: SKILL.md says ~/.workbuddy/secrets.json while the script reads secrets.json from its own directory. Before installing, verify where you'll store the key, confirm the script's path and behavior, and ensure you trust qmsg.zendee.cn because the key and message content will be sent to that external service. If you proceed, either (a) update the script to read the secret from a secure, declared location (or an explicitly declared env var), or (b) place the secrets.json only in a secure folder you control. If anything about the secret handling remains unclear, treat this skill as untrusted.

Like a lobster shell, security has layers — review code before you run it.

latestvk971rekvh498r00v3hcaxaege584z9ph

67downloads

0stars

1versions

Updated 1w ago

v0.1.0

MIT-0

Qmsg Push

使用 Qmsg 酱（qmsg.zendee.cn）向 QQ 推送消息。

前置要求

访问 qmsg.zendee.cn 注册并添加接收 QQ 号，获取 KEY
在 ~/.workbuddy/secrets.json 中配置 KEY：
```
{ "qmsg": { "key": "你的QmsgKEY" } }
```

调用方式

自动化任务触发时，执行脚本推送：

python ~/.workbuddy/qmsg_push.py "<消息内容>"

工作流程

自动化任务触发 → 创建临时 agent
agent 读取 ~/.workbuddy/qmsg_push.py 和 ~/.workbuddy/secrets.json
执行脚本，消息推送至配置的 QQ 号

Comments

Loading comments...