Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Openqq
v0.0.5
QQ bot integration for OpenClaw with session isolation, logging, and AI auto-reply. Supports private chat and group @messages.
by Zao_hon (@zaohon)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The code implements a QQ bot that spawns a local 'openclaw' CLI to generate replies — that is consistent with the description. However the skill metadata/requirements list no required binaries or primary credential even though runtime behavior depends on a local 'openclaw' executable and Node.js. The SKILL.md and package.json hint at using 'openclaw agent' (e.g., test-msg), but the skill did not declare the 'openclaw' CLI as a required binary. This is an incoherence that could surprise users.
Instruction Scope
SKILL.md instructs to install dependencies and run npm start and shows examples using 'openclaw agent', but does not clearly state that a functioning local OpenClaw binary must be installed and on PATH. The code spawns the 'openclaw' process and logs raw outputs; runtime will therefore run local commands and read the user's config file (~/.openclaw/workspace/open-qq-config.json). The instructions are otherwise within the bot's purpose (QQ <-> OpenClaw bridge) but are incomplete about runtime requirements and where data flows.
Install Mechanism
There is no automated install spec (instruction-only), but the package includes code files and package.json declaring npm deps (axios, ws). No external arbitrary downloads or extract steps are used. Installing requires running 'npm install' locally which will fetch packages from the npm registry — expected for a Node project. Because code files are included, installing/running will write logs and possibly create directories under /root by default; this is a local disk persistence consideration.
Credentials
Credentials are stored in a local config file (~/.openclaw/workspace/open-qq-config.json) rather than environment variables; that matches the stated design. This is proportionate for a QQ bot. Concerns: (1) default logDir in logger.js uses /root/.openclaw/... which may be incorrect for non-root users and could cause permission issues or leak file locations, (2) logging includes request/response payloads (logger.logApiCall logs response.data) and the sanitizer uses a simple regex that may not catch all secrets — logs may thus contain sensitive content unless you verify/configure sanitization and permissions.
Persistence & Privilege
The skill does not request always:true, does not declare special system-wide privileges, and does not modify other skills. It suggests systemd deployment in docs (normal for a daemon). The agent can invoke the skill (default) but the skill itself runs as a user process when you start it; there is no evidence it enables itself persistently beyond typical service installation steps you would perform.
What to consider before installing
This skill is plausibly a legitimate QQ bot, but review these points before installing:
- The runtime spawns a local 'openclaw' CLI (spawn('openclaw', ...)). Ensure you actually have a trusted OpenClaw binary on PATH; the skill metadata did not declare this binary requirement. Without it the skill will fail or may spawn something unexpected.
- The skill stores QQ credentials in ~/.openclaw/workspace/open-qq-config.json — keep file permissions tight (chmod 600) and do not commit it. The logger may record message contents and API responses; review logger.sanitizeMessage and consider stricter filtering or disabling debug logging in production.
- Several files/scripts assume /root paths (default logDir, start-qq-bot.sh cd /root/...). If you run as a non-root user, adjust paths and service files before deploying.
- The package.json relies on npm packages; 'npm install' will download dependencies from npm. Inspect the installed packages (axios, ws) versions and lockfile if you need supply-chain assurance.
- Metadata mismatches (package version vs registry version, missing declared required binaries) and small inconsistencies indicate the author may have shipped quickly — audit the code (qq-bot.js and logger.js) if you don't fully trust the source, and test in an isolated environment first.
If you decide to proceed: run it in a sandbox/container or test VM, verify the OpenClaw binary and QQ endpoints are the ones you expect, tighten config/log permissions, and run with non-root user privileges.
