📸 QQ空间相册管理器

Name: qq-zone-photo
Author: wscats

View on ClawHub↗

Share on X Share on LinkedIn Share on Bluesky

40Medium

This skill is vulnerable to prompt

ThreatsCI SM CS BC S HITL

Behavior Analysis

Description verified — behavior matches claim

Claims to do

📸 QQ空间相册管理器: > QQ空间相册的自动化管理工具，支持扫码登录、相册浏览、照片上传/下载、相册创建等功能。

Actually does

This skill executes a Python script (`qzone_photos.py`) to manage QQ Zone photo albums. It uses `python3` to perform actions like logging in via QR code, listing/browsing albums, uploading/downloading photos, and creating albums. It requires and uses a `cookies.json` file for authentication, which contains QQ Zone session tokens (`p_skey`, `skey`, `uin`). It interacts with QQ Zone's non-official APIs.

Threat Analysis

AI Agent Traps ↗Scanned 4/15/2026

Content InjectionPerception1 finding

Semantic ManipulationReasoningclean

Cognitive StateMemory & Learningclean

Behavioural ControlAction2 findings

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseerclean

Skill Info

Namewscats/qq-zone-photo

Registryclawhub

Version1.0.3

PURLpkg:clawhub/wscats/qq-zone-photo@1.0.3

Stars3

Downloads11,417

Source

Repository ↗

SHA-256503180dda8a1...

SHA-17c931ecdb51b...

MD52f09a706fec4...

TLSHe471746aac3a...

Size3,481 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

OpenClawDocs

https://clawhub.ai/wscats/qq-zone-photo

11,417 downloads

ClawHubDocs

openclaw skills install wscats/qq-zone-photo

Assessments (2)

AI Agent Traps ↗

Prompt Injection Detectedmediumprompt injection

DeBERTa classifier detected prompt injection (confidence: 0.75)

75% confidence

Potential for SSRF, Path Traversal via Unsanitized Parametersmediumcommand execution

The skill executes a Python script with parameters like '--url', '--output', and '--photo'. If the underlying 'qzone_photos.py' script does not properly sanitize these inputs, a malicious AI agent could exploit them for Server-Side Request Forgery (SSRF) via '--url', arbitrary file writes via '--output', or arbitrary file reads via '--photo'.

70% confidenceline 55

python3 scripts/qzone_photos.py --action download --url "URL" --cookies cookies.json --output "PATH"
python3 scripts/qzone_photos.py --action upload --photo "/path/to/image.jpg" --album-id "ALBUM_ID" --cookies cookies.json

Handling of Sensitive QQ Zone Authentication Cookieslowcredential theft

The skill explicitly handles QQ Zone authentication cookies, which grant full account access. While the skill states credentials are stored locally and not uploaded, the presence and management of such sensitive data (e.g., via the 'login' action) makes it a potential target for misuse by a malicious AI agent or other system vulnerabilities.

80% confidenceline 4

metadata: {"openclaw":{"emoji":"📸","requires":{"auth":["qq-cookies"]}}}
Cookie 文件包含 QQ空间完整访问权限，请勿泄露或分享

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/clawhub/wscats/qq-zone-photo.svg)](https://mondoo.com/ai-agent-security/skills/clawhub/wscats/qq-zone-photo)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/clawhub/wscats/qq-zone-photo"><img src="https://mondoo.com/ai-agent-security/api/badge/clawhub/wscats/qq-zone-photo.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/clawhub/wscats/qq-zone-photo.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow