zaohon

Openqq

Author: Zao_hon · GitHub ↗ · v0.0.5
cross-platform ⚠ suspicious
957 total downloads
0 favorites
2 current installs
4 versions
Install in OpenClaw:
/install openqq
Description
QQ bot integration for OpenClaw with session isolation, logging, and AI auto-reply. Supports private chat and group @messages.
Safe-use recommendations
This skill is plausibly a legitimate QQ bot, but review these points before installing:
- The runtime spawns a local 'openclaw' CLI (spawn('openclaw', ...)). Make sure a trusted OpenClaw binary is actually on PATH; the skill metadata did not declare this binary requirement. Without it the skill will fail, or may spawn something unexpected.
- The skill stores QQ credentials in ~/.openclaw/workspace/open-qq-config.json. Keep file permissions tight (chmod 600) and do not commit the file. The logger may record message contents and API responses; review logger.sanitizeMessage and consider stricter filtering, or disable debug logging in production.
- Several files and scripts assume /root paths (the default logDir, and start-qq-bot.sh does cd /root/...). If you run as a non-root user, adjust paths and service files before deploying.
- package.json relies on npm packages; 'npm install' will download dependencies from the npm registry. Inspect the installed package versions (axios, ws) and the lockfile if you need supply-chain assurance.
- Metadata mismatches (package version vs. registry version, missing declared required binaries) and other small inconsistencies suggest the author shipped quickly. Audit the code (qq-bot.js and logger.js) if you don't fully trust the source, and test in an isolated environment first.
If you decide to proceed: run it in a sandbox, container or test VM; verify that the OpenClaw binary and QQ endpoints are the ones you expect; tighten config and log permissions; and run with non-root user privileges.
Functional analysis
Type: OpenClaw Skill
Name: openqq
Version: 0.0.5
The skill is suspicious due to a significant prompt injection vulnerability. The `qq-bot.js` file passes unsanitized user message content received from QQ (`messageData.content`) directly as the `--message` argument to the `openclaw agent` command via `child_process.spawn`. While `spawn` with an argument array mitigates shell injection for the command itself, the text still reaches the AI agent as its input, so a malicious QQ user can craft messages that manipulate the agent. The same pattern is explicitly demonstrated in the `package.json` `test-msg` script, which takes arbitrary command-line input and passes it straight to the `openclaw agent --message` argument. This design flaw lets external users potentially steer the AI agent's behavior, leading to unintended actions, data access, or command execution depending on the agent's capabilities.
Capability assessment
Purpose & Capability
The code implements a QQ bot that spawns a local 'openclaw' CLI to generate replies, which is consistent with the description. However, the skill's metadata/requirements list no required binaries or primary credential, even though runtime behavior depends on a local 'openclaw' executable and Node.js. SKILL.md and package.json hint at using 'openclaw agent' (e.g. the test-msg script), but the skill did not declare the 'openclaw' CLI as a required binary. This incoherence could surprise users.
Instruction Scope
SKILL.md instructs the user to install dependencies and run npm start, and shows examples using 'openclaw agent', but does not clearly state that a working local OpenClaw binary must be installed and on PATH. The code spawns the 'openclaw' process and logs its raw output; at runtime the skill will therefore run local commands and read the user's config file (~/.openclaw/workspace/open-qq-config.json). The instructions are otherwise within the bot's purpose (a QQ <-> OpenClaw bridge) but are incomplete about runtime requirements and where data flows.
Install Mechanism
There is no automated install spec (instruction-only), but the package includes code files and a package.json declaring npm deps (axios, ws). No external arbitrary downloads or extract steps are used. Installing requires running 'npm install' locally, which fetches packages from the npm registry, as expected for a Node project. Because code files are included, installing and running will write logs and possibly create directories under /root by default; this is a local disk persistence consideration.
Credentials
Credentials are stored in a local config file (~/.openclaw/workspace/open-qq-config.json) rather than environment variables; that matches the stated design and is proportionate for a QQ bot. Concerns: (1) the default logDir in logger.js uses /root/.openclaw/..., which may be wrong for non-root users and could cause permission issues or leak file locations; (2) logging includes request/response payloads (logger.logApiCall logs response.data) and the sanitizer uses a simple regex that may not catch all secrets, so logs may contain sensitive content unless you verify and configure sanitization and file permissions.
Persistence & Privilege
The skill does not request always:true, does not declare special system-wide privileges, and does not modify other skills. It suggests systemd deployment in docs (normal for a daemon). The agent can invoke the skill (default) but the skill itself runs as a user process when you start it; there is no evidence it enables itself persistently beyond typical service installation steps you would perform.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install openqq
  3. Once installed, call the skill by name directly or trigger it with /openqq
  4. Provide the required input according to the skill's parameter description to get structured output
Version history
v0.0.5
- Initial public release with full source code and dependencies.
- Added configuration samples, health check script, and npm command instructions.
- Supports session isolation for private and group chats.
- Provides logging and AI auto-reply for QQ chats.
- English documentation streamlining all usage and setup information.
v0.0.4
openqq v0.0.4
- Improved English documentation and added troubleshooting, features, and security sections in SKILL.md for clarity.
- Clarified npm command usage and descriptions.
- Included external resource links for further reference.
- Security section now specifies use of spawn over exec, and session ID whitelisting.
- No functional or code changes; updates focus on clearer user onboarding and documentation.
v0.0.3
openqq v0.0.3
- Added CHANGELOG.md, CONFIG.md, scripts/health-check.sh, and _meta.json for improved documentation and monitoring.
- Extended npm scripts for setup, health check, and log viewing.
- Updated documentation with configuration, usage, and security instructions.
- Introduced token retry mechanism and graceful shutdown handling.
- Improved logging and session isolation logic.
v0.0.1
qq-aibot v1.0.0
- Initial release with QQ bot integration for OpenClaw
- Features advanced logging with Chinese timezone, log rotation, and sensitive data filtering
- Automatic session compression and archiving
- Dynamic user identity mapping and classification
- Security features: command injection protection and credential management via environment variables
- Supports external JSON configuration for easy maintenance
Metadata
Slug: openqq
Version: 0.0.5
License:
Cumulative installs: 2
Current installs: 2
Historical versions: 4
FAQ

What is Openqq?

QQ bot integration for OpenClaw with session isolation, logging, and AI auto-reply. Supports private chat and group @messages. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 957 downloads to date.

How do I install Openqq?

Run the command "/install openqq" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.

Is Openqq free?

Yes, Openqq is completely free (open source) and can be freely downloaded, installed and used.

Which platforms does Openqq support?

Openqq runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Openqq?

Developed and maintained by Zao_hon (@zaohon); current version v0.0.5.
