ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

onebot QQ群管理

v1.0.0

QQ 群管理操作,通过 OneBot 11 API 实现群名修改、群公告、禁言、踢人、设置管理员、全员禁言等功能。当用户需要在 QQ 群中执行管理操作时使用,如修改群名、发公告、禁言某人、踢人、设置管理员等。

0· 55·0 current·0 all-time
by@zhangalexhy
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description match the implementation: the script sends OneBot actions over a WebSocket to perform group operations (rename, notices, ban, kick, set admin, upload portrait, etc.). No unrelated services or credentials are requested.
!
Instruction Scope
The script supports a special syntax key=@/path/to/file which reads arbitrary local files and inserts their contents into parameters. While useful for uploading images, it also allows exfiltration of any local file if misused. SKILL.md documents local file paths for the 'file' parameter, but does not explicitly warn about the broader risk of reading arbitrary system files.
Install Mechanism
Instruction-only skill with a single JS helper file and no install spec. Nothing is downloaded or executed from remote URLs by an installer.
Credentials
The script honors ONEBOT_WS_URL and ONEBOT_WS_TOKEN (documented in SKILL.md) which is appropriate. However, the code contains a hardcoded default token ('FTubmd6pc77aX~XK'), which is unexpected and poor practice: embedding credentials in code can be accidental or misleading. The script also mutates module resolution by pushing a root NODE_PATH, which is unusual and may cause it to load unexpected modules from that path.
Persistence & Privilege
always is false, no install steps, and the skill does not modify other skill or system-wide configurations. It runs only when invoked.
What to consider before installing
This skill appears to do what it says (manage QQ groups via a OneBot WebSocket), but review and consider the following before use: - The helper script can read any local file when you pass a parameter like key=@/path/to/file. That is necessary for uploading portrait files, but it also means a malicious or mistaken invocation could read sensitive files and send their contents over the WebSocket. Only run the script in a trusted environment and avoid passing paths to sensitive files. - The code contains a hardcoded default token (ONEBOT_WS_TOKEN) and a nonstandard NODE_PATH. Treat the embedded token as suspicious: confirm whether it is intended, remove or replace it, and set your own token via ONEBOT_WS_TOKEN. Consider asking the publisher why the token is hardcoded. - Verify the ONEBOT_WS_URL you use. The default is localhost (ws://127.0.0.1:13001), which is safer; do not point the skill at an untrusted remote WebSocket endpoint unless you understand the implications. - If you do not trust the source (homepage unknown), consider running the script in a sandbox or reviewing/modifying the code (e.g., restrict file-read behavior to image paths only and remove the hardcoded token) before enabling the skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk973v101dmsn77sw9a6yxxazfx8458pf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments