Latest release: v2026.5.28
Security Scan
OpenClaw verdict: Suspicious (medium confidence)
Purpose & Capability
The package is coherent for a QQ Bot channel plugin: it handles QQ messaging, media, scheduled reminders, channel API calls, and approval flows. The concern is that these include high-impact capabilities such as posting/deleting QQ channel content, creating recurring jobs, and approving local exec actions.
Instruction Scope
The reminder skill uses broad mandatory trigger language and builds future agent turns from reminder content, which is purpose-aligned but under-scoped for accidental scheduling and prompt-injection-style reminder text.
Install Mechanism
The package is an official @openclaw/qqbot release with source-linked metadata and no package install scripts observed; runtime JavaScript is expected for a channel plugin.
Credentials
Network access to QQ APIs, local media handling, and local state files fit the plugin purpose. One user-facing media quota error can expose a local filesystem path, which is unnecessary but not evidence of exfiltration.
Persistence & Privilege
The runtime snapshots appId/clientSecret into ~/.openclaw/qqbot/data credential backup files and can restore them automatically when config is empty; logout clears config fields but does not appear to delete the backup.
Scan Findings in Context
[VirusTotal] expected: Telemetry is clean, with no malicious or suspicious engine detections.
[suspicious.exposed_secret_literal] expected: Static scan hits were variable/property assignments named clientSecret, not hardcoded secret literals in the inspected lines.
[SQP-2] expected: Credential persistence is intentional hot-upgrade recovery for a bot channel, but plaintext local backup and automatic restoration are real review concerns.
[SQP-1] unexpected: The reminder instructions require tool use for broad reminder-related keywords, which can over-trigger scheduling from ambiguous conversation.
[SQP-3] expected: Asia/Shanghai defaults are consistent with the QQ context but should be understood as a regional default that may misfire for other users.
[SSD-1] unexpected: Reminder content is inserted into a future agent prompt rather than treated purely as inert data, creating a persistent prompt-injection risk.
[SSD-3] unexpected: Exposing a server-local file path in a user-facing upload-limit error is unnecessary for the plugin purpose.
What to consider before installing
Install only if you are comfortable giving this plugin QQ bot credentials, QQ messaging/channel mutation authority, local media access, and reminder/approval workflows. Configure explicit allowlists and execApprovals approvers, review recurring reminders, and treat the credential backup under ~/.openclaw/qqbot/data as sensitive data that may need manual removal when decommissioning the bot.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
dist/channel-8Efx0wKu.js:397
File appears to expose a hardcoded API secret or token.
dist/config-schema-iX2iJzKm.js:232
File appears to expose a hardcoded API secret or token.
dist/gateway-CuTCxSqs.js:5136
File appears to expose a hardcoded API secret or token.
dist/runtime-DWfbz21q.js:1857
File appears to expose a hardcoded API secret or token.