Skill v0.0.5
VirusTotal security
Openqq · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 4:35 AM
- Hash: 6ceec88e3be153451b8da6562fadff8552100462808a6dfe09dd48aa4b39291f
- Source: palm
- Verdict: suspicious
- Code Insight:
  - Type: OpenClaw Skill
  - Name: openqq
  - Version: 0.0.5
  - Analysis: The skill is suspicious due to a significant prompt injection vulnerability. The `qq-bot.js` file passes unsanitized user message content directly from QQ (`messageData.content`) as the `--message` argument to the `openclaw agent` via `child_process.spawn`. While `spawn` mitigates shell injection for the command itself, the AI agent's input is vulnerable to manipulation by malicious QQ users. This vulnerability is explicitly demonstrated in the `package.json`'s `test-msg` script, which takes arbitrary command-line input and passes it directly to the `openclaw agent --message` argument. This design flaw allows external users to potentially control the AI agent's behavior, leading to unintended actions, data access, or command execution depending on the agent's capabilities.
- External report: View on VirusTotal
