Skill v1.0.1

ClawScan security

Napcat Qq Bridge Installer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 9, 2026, 10:52 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The package and its runtime instructions are coherent with the stated purpose (installing and managing a local Windows NapCat + QQ + OpenClaw bridge); it downloads NapCat from GitHub, uses winget, WSL and Docker, and the bundled scripts/assets match that workflow.
Guidance
This skill appears to do what it says, but it performs intrusive local operations that you should understand before running: it will download and extract NapCat code from GitHub, install Tencent.QQ.NT via winget if needed, write configuration and token files into the chosen runtime folder, create/start a Docker container in WSL, and launch NapCat by injecting/starting helper executables/DLLs into the QQ process. Only install/run this on a machine you control and trust (or inside a VM). Review the downloaded NapCat release and bundled files before executing, be prepared to approve admin elevation, and expect a manual browser OAuth step for OpenClaw/OpenAI onboarding. If you need higher assurance, download NapCat manually (or verify release checksums) and inspect the extracted binaries before using the automated installer.

Review Dimensions

Purpose & Capability
ok: Name/description, SKILL.md, and included files (scripts/manage.py, bridge.mjs, start/stop bat templates) all align: they install NTQQ via winget, download NapCat releases from GitHub, install/configure a bridge, and bootstrap an OpenClaw container via WSL+Docker. No unrelated credentials, binaries, or external services are requested.
Instruction Scope
note: Instructions perform privileged local operations that are expected for this task: downloading and extracting NapCat, writing runtime config under the chosen runtime root, querying the registry for QQ, installing via winget, starting processes, and launching NapCat by injecting/launching a DLL into QQ. These actions are within scope but are intrusive (process injection, service management, admin elevation). The SKILL.md does not ask for unrelated files or secrets.
Install Mechanism
ok: This skill is instruction-driven with bundled scripts; it downloads NapCat assets at runtime from the GitHub Releases API (api.github.com), and uses well-known tools (winget, docker images from Docker Hub). There is no opaque third‑party URL shortener or personal server in the manifest. No install spec is included (lowest platform install risk).
Credentials
ok: The skill declares no required environment variables or credentials. Runtime behavior generates local tokens and writes local config files under the selected runtime root. It does require administrative rights for some operations (start-all.bat elevates) and access to WSL/Docker, which is proportionate for installing and running a local bridge.
Persistence & Privilege
ok: always:false and user-invocable:true. The skill creates local files, a Docker container/volume, and start/stop scripts in the chosen runtime root, but does not request permanent platform-level privileges or modify other skills’ configs. It will attempt to run commands requiring admin/WSL privileges, which is expected but sensitive.