957 downloads · 0 stars · 2 active installs · 4 versions
Install in OpenClaw
/install openqq
Description
QQ bot integration for OpenClaw with session isolation, logging, and AI auto-reply. Supports private chat and group @messages.
Usage Guidance
This skill is plausibly a legitimate QQ bot, but review these points before installing:
- The runtime spawns a local 'openclaw' CLI (spawn('openclaw', ...)), yet the skill metadata does not declare that binary as a requirement. Make sure a trusted OpenClaw binary is the first 'openclaw' on PATH (check with 'command -v openclaw'): whatever that name resolves to will run with your privileges, and without it the skill simply fails. Since message text is passed as a command-line argument, also check how the CLI treats a value that begins with '-'.
- The skill stores QQ credentials in ~/.openclaw/workspace/open-qq-config.json; keep file permissions tight (chmod 600) and do not commit it. The logger may record message contents and API responses; review logger.sanitizeMessage, consider stricter filtering, and disable debug logging in production.
- Several files/scripts assume /root paths (default logDir, start-qq-bot.sh cd /root/...). If you run as a non-root user, adjust paths and service files before deploying.
- The package.json relies on npm packages; 'npm install' will download dependencies from the npm registry. If you need supply-chain assurance, install from the shipped lockfile (npm ci) and inspect the resolved versions and integrity hashes of axios, ws and their transitive dependencies rather than whatever a fresh resolution pulls in.
- Metadata mismatches (package version vs registry version, missing declared required binaries) and small inconsistencies indicate the author may have shipped quickly — audit the code (qq-bot.js and logger.js) if you don't fully trust the source, and test in an isolated environment first.
If you decide to proceed: run it in a sandbox/container or test VM, verify the OpenClaw binary and QQ endpoints are the ones you expect, tighten config/log permissions, and run with non-root user privileges.
Capability Analysis
Type: OpenClaw Skill
Name: openqq
Version: 0.0.5
The skill is flagged because of a prompt injection exposure. `qq-bot.js` passes user message content from QQ (`messageData.content`) unmodified as the `--message` argument to `openclaw agent` via `child_process.spawn`. Using `spawn` with an argv array prevents shell injection into the command itself, but the message still reaches the AI agent verbatim, so a malicious QQ user can try to steer the agent. The `package.json` `test-msg` script uses the same pattern, passing arbitrary command-line input straight to `openclaw agent --message`. What an attacker gains depends on the agent's capabilities: unintended actions, data access, or command execution if the agent can run tools. Because the message is meant to reach the model, escaping cannot fix this; the practical controls are restricting who may talk to the bot (the session ID whitelisting the docs mention), limiting what the agent may do while handling chat traffic, and presenting the message to the agent as untrusted data rather than as instructions.
Capability Assessment
Purpose & Capability
The code implements a QQ bot that spawns a local 'openclaw' CLI to generate replies, which is consistent with the description. However, the skill metadata/requirements list no required binaries or primary credential even though runtime behavior depends on a local 'openclaw' executable and Node.js. The SKILL.md and package.json hint at using 'openclaw agent' (e.g., test-msg), but the skill did not declare the 'openclaw' CLI as a required binary. This inconsistency could surprise users.
Instruction Scope
SKILL.md instructs to install dependencies and run npm start and shows examples using 'openclaw agent', but does not clearly state that a functioning local OpenClaw binary must be installed and on PATH. The code spawns the 'openclaw' process and logs raw outputs; runtime will therefore run local commands and read the user's config file (~/.openclaw/workspace/open-qq-config.json). The instructions are otherwise within the bot's purpose (QQ <-> OpenClaw bridge) but are incomplete about runtime requirements and where data flows.
Install Mechanism
There is no automated install spec (instruction-only), but the package includes code files and package.json declaring npm deps (axios, ws). No external arbitrary downloads or extract steps are used. Installing requires running 'npm install' locally which will fetch packages from the npm registry — expected for a Node project. Because code files are included, installing/running will write logs and possibly create directories under /root by default; this is a local disk persistence consideration.
Credentials
Credentials are stored in a local config file (~/.openclaw/workspace/open-qq-config.json) rather than environment variables; that matches the stated design and is proportionate for a QQ bot. Concerns: (1) the default logDir in logger.js is under /root/.openclaw/..., which is wrong for non-root users and will fail with permission errors there; (2) logging includes request/response payloads (logger.logApiCall logs response.data) and the sanitizer uses a simple regex that may not catch all secrets, so logs may contain sensitive content unless you verify or tighten sanitization and restrict log file permissions.
Persistence & Privilege
The skill does not request always:true, does not declare special system-wide privileges, and does not modify other skills. It suggests systemd deployment in docs (normal for a daemon). The agent can invoke the skill (default) but the skill itself runs as a user process when you start it; there is no evidence it enables itself persistently beyond typical service installation steps you would perform.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install openqq
- After installation, invoke the skill by name or use /openqq
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.0.5
- Initial public release with full source code and dependencies.
- Added configuration samples, health check script, and npm command instructions.
- Supports session isolation for private and group chats.
- Provides logging and AI auto-reply for QQ chats.
- English documentation streamlining all usage and setup information.
v0.0.4
openqq v0.0.4
- Improved English documentation and added troubleshooting, features, and security sections in SKILL.md for clarity.
- Clarified npm command usage and descriptions.
- Included external resource links for further reference.
- Security section now specifies use of spawn over exec, and session ID whitelisting.
- No functional or code changes; updates focus on clearer user onboarding and documentation.
v0.0.3
openqq v0.0.3
- Added CHANGELOG.md, CONFIG.md, scripts/health-check.sh, and _meta.json for improved documentation and monitoring.
- Extended npm scripts for setup, health check, and log viewing.
- Updated documentation with configuration, usage, and security instructions.
- Introduced token retry mechanism and graceful shutdown handling.
- Improved logging and session isolation logic.
v0.0.1
qq-aibot v1.0.0
- Initial release with QQ bot integration for OpenClaw
- Features advanced logging with Chinese timezone, log rotation, and sensitive data filtering
- Automatic session compression and archiving
- Dynamic user identity mapping and classification
- Security features: command injection protection and credential management via environment variables
- Supports external JSON configuration for easy maintenance
Frequently Asked Questions
What is Openqq?
QQ bot integration for OpenClaw with session isolation, logging, and AI auto-reply. Supports private chat and group @messages. It is an AI Agent Skill for Claude Code / OpenClaw, with 957 downloads so far.
How do I install Openqq?
Run "/install openqq" in the OpenClaw or Claude Code chat, then complete the setup described in SKILL.md: run npm install, create ~/.openclaw/workspace/open-qq-config.json with your QQ credentials, and make sure the openclaw CLI is on PATH.
Is Openqq free?
Yes, Openqq is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Openqq support?
Openqq runs wherever OpenClaw / Claude Code and Node.js are available, but its default log paths, start-qq-bot.sh and the systemd deployment notes assume a Linux host running as root; adjust them for other setups.
Who created Openqq?
It is built and maintained by Zao_hon (@zaohon); the current version is v0.0.5.