QQBot Send Local Media
Pass
Audited by ClawScan on May 10, 2026.
Overview
The skill coherently stages and sends user-requested local files through QQBot, with bounded cleanup and no evidence of hidden exfiltration or destructive behavior.
This appears safe for its intended purpose: sending a specific local file through QQBot. Before installing or using it, confirm you trust the skill source, only provide files you actually want to send, and verify the QQ destination because the selected file content may leave your device.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user selects a sensitive file, it may be delivered through QQBot to the active QQ destination.
The skill intentionally passes local file media to QQBot using the qqmedia relay mechanism. This is purpose-aligned, but users should understand that selected local file contents may be sent outside the local machine.
Send the staged path with:
- `<qqmedia>staged-absolute-path</qqmedia>`
Use only with files the user explicitly wants to send, and verify the QQ recipient or chat context before sending sensitive media.
The agent may run a local Python script to copy the requested file into the QQ media relay directory and later remove the staged copy.
The workflow requires executing a bundled Python helper. This is expected for staging and cleanup, and the provided source shows bounded local file copy/delete behavior without networking or obfuscation.
Run:
- `python scripts/stage_media.py <source_path>`
Keep the bundled helper unchanged and avoid running modified or unreviewed replacement scripts.
A staged copy in the QQ media relay directory can be removed after sending; the original source file should not be touched.
The cleanup helper can delete files, but it confines deletion to paths resolving under ~/.openclaw/media/qqbot. The SKILL.md further instructs cleanup only for the exact staged path returned during the current send flow.
staged.relative_to(dest_dir) ... staged.unlink()
Only run cleanup on the exact path printed by the staging command, as the skill instructs.
Users have less external provenance information about who maintains the skill or where to verify it.
The package provenance is limited in the registry metadata. This is not a concern by itself because the artifact contains the helper source and no remote install mechanism or external dependencies are shown.
Source: unknown
Homepage: none
Review the included SKILL.md and script before installing, and prefer updates from a known trusted source when available.
