📦 Quantum Messenger (量子密信)-OpenClaw Integration — Skill Tool

v1.0.2

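Helps China Telecom colleagues and customers call the OpenClaw bot through Quantum Messenger (量子密信). Supports text, images, attachments, and status-bar feedback.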

by @codenamelokcon · MIT-0
License: MIT-0
Last updated: 2026/4/10
Security scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
The skill is broadly coherent with its stated purpose (integrating Quantum Messenger with OpenClaw), but the implementation contains risky behaviors — unescaped shell execution, uploading arbitrary local files to an external HTTP endpoint, and use of plain‑HTTP endpoints — that could lead to remote code execution or data exfiltration.
Assessment recommendations
This skill appears to implement the advertised Quantum Messenger <-> OpenClaw bridge, but it has concrete implementation risks you should address before deploying:
- Command injection risk: the code builds a shell command with unescaped JSON (exec). Replace exec with a safe invocation (child_process.spawn with argument array) or otherwise sanitize input to avoid arbitrary command execution.
- Arbitrary-file upload / exfiltration: the listener will upload any local file path returned by the A...
Detailed analysis
Purpose and capability
Name/description match the code: listener receives webhook messages and forwards them to OpenClaw, then returns text/media via the Quantum Messenger webhook. Required binary (node) and QUANTUM_KEY credential are appropriate for this integration. The script expects an installed OpenClaw CLI (documented in README), so the requested items are proportionate to the declared purpose.
Instruction scope
The runtime instructions and code go beyond simple message forwarding in risky ways: the listener executes a shell command 'openclaw agent --message <json>' by interpolating JSON directly into a shell string (child_process.exec), which makes the host vulnerable to command injection from attacker-controlled input. The listener also inspects AI responses for local file paths (IMAGE:/FILE:) and, if present, will read arbitrary local files and upload them to an external endpoint — this can exfiltrate sensitive files from the server. Network calls use plain HTTP with the QUANTUM_KEY in query strings, exposing the key in transit and logs. These behaviors are functional for the feature set but are high-risk and should be hardened.
Install mechanism
No external install spec (instruction-only with included scripts) — low install risk. The code does not pull remote archives or execute installation downloads. The README asks operators to ensure OpenClaw is installed separately; that is consistent and expected.
Credential requirements
Only QUANTUM_KEY (and optionally QUANTUM_PORT) are required — that is proportionate. However, the code transmits that key in plaintext over HTTP to imtwo.zdxlz.com and uses it as a direct query parameter for upload/send operations, which increases credential exposure risk. The single env var is sensible, but transport and endpoint selection weaken that proportionality.
Persistence and privileges
The skill does not request always:true or other elevated platform privileges; it is user-invocable and does not auto-enable itself. It does run a persistent HTTP server (normal for webhook integrations) but does not modify other skills or system-wide agent settings.
Security is layered; review the code before running.

License

MIT-0

Free to use, modify, and redistribute; no attribution required.

Runtime dependencies

No special dependencies

Versions

latest · v1.0.2 · 2026/3/3

- Version bump from 1.0.1 to 1.0.2 with no functional or content changes.
- No files were modified in this release.

Suspicious

Install command

Official: npx clawhub@latest install quantum-messenger
Mirror: npx clawhub@latest install quantum-messenger --registry https://cn.longxiaskill.com

Skill documentation

---
name: quantum-messenger-im
description: 帮助中国电信同人及客户实现通过量子密信调用 OpenClaw 机器人。支持文本、图片、附件及状态栏反馈。
version: 1.0.2
author: 上海电信政支中心/量子能力中心 技术经理 程沛及他的openclaw机器人助手:1号机(Gemini) (18918115454,chenpei.sh@chinatelecom.cn)
tags: [quantum, im, chinatelecom, messaging]
metadata: {"openclaw":{"requires":{"bins":["node"],"env":["QUANTUM_KEY"]},"primaryEnv":"QUANTUM_KEY"}}
---


# Quantum Messenger IM Skill

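This skill was jointly developed by Cheng Pei (程沛), technical manager at the Shanghai Telecom 政支中心 / Quantum Capability Center (量子能力中心), and his OpenClaw bot assistant, Unit 1 (Gemini).

Core configuration

  • Port: default 9001 (must be allowed through the security group).
  • Bot type: Quantum Messenger custom conversation bot.
  • KEY: fill it in at the corresponding location in the scripts under the scripts/ directory.

Developer notes

  • Text reply: extracted from the content field.
  • Image sending: type=1, imageMsg field.
  • Attachment sending: type=2, fileMsg field.
  • Callback URL: the bot settings URL inside the Quantum Messenger app.

See README.md for details.

Data source: ClawHub · Chinese localization: 龙虾技能库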