QQBot Send

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: stage a user-selected file for QQBot sending, with no hidden installer or unrelated behavior found.

Install only if you want an agent to send files through QQBot. Confirm the exact file and recipient before use, avoid sending sensitive local files unless intended, and periodically clean ~/.openclaw/media/qqbot/ because staged copies may remain after delivery.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill instructs the agent to run a staging script that copies user-specified local files into a relay directory, which is a file-write capability, but no permissions are declared. This creates a transparency and policy-enforcement gap: an agent or platform may invoke filesystem-modifying behavior without users or reviewers having an explicit permission boundary to evaluate.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The README authorizes the skill for broadly defined cases like sending any local absolute-path file, including desktop, downloads, and workspace-external files, without strong invocation constraints or explicit authorization checks. In an agent setting, this increases the chance of unintended exfiltration of sensitive local data because a vague trigger can cause the skill to activate on ambiguous user requests involving local files.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The README describes copying user-selected files into a persistent local relay directory under ~/.openclaw/media/qqbot/ but does not clearly warn that this creates an additional stored copy on disk. This can expose sensitive documents to unintended retention, later discovery, or reuse by other processes, especially when the skill handles personal files from desktop or downloads folders.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The invocation description is broad enough to match common file-related requests such as sending desktop, downloads, local absolute-path files, or resending attachments, which can cause the skill to activate in situations the user did not clearly mean to route through QQ. In context, this is more dangerous because activation leads directly to copying local files and transmitting them externally, increasing the risk of unintended data exfiltration.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill does not clearly warn users that local files will first be copied into a persistent relay directory before transmission. That hidden staging step can leave additional copies of sensitive data on disk and changes the privacy/security posture of a simple 'send file' action, especially for personal or confidential documents.

VirusTotal

67/67 vendors flagged this skill as clean.
