qq-mail-reader

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed QQ Mail reader that can access mailbox contents when configured, but its behavior matches its stated purpose.

Install only if you want the agent to read the configured QQ mailbox. Use a QQ Mail authorization code, keep ~/.openclaw/secrets/mail_qq.env private with 600 permissions, revoke the code when no longer needed, and phrase requests with a clear date range, sender, subject, or QQ Mail scope to avoid reading more email than intended.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 83% confidence
Finding: The trigger phrases are very broad and overlap with common user requests like '查看邮箱' or '读取邮件', which can cause the skill to activate in situations where the user did not clearly intend to grant mailbox access. In this skill’s context, accidental invocation is more dangerous than usual because activation leads to access to sensitive email content using stored credentials.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal