Low Risk — Risk Score 15/100
Last scan: 17 hr ago
OneBot消息发送
Send QQ private or group messages through the OneBot HTTP API using local commands
A straightforward OneBot QQ messaging skill with clear documentation, limited to localhost API calls with no hidden functionality.
Skill Name: OneBot消息发送
Duration: 31.4s
Engine: pi
Safe to install
Skill is safe for use. Monitor for potential abuse via prompt injection attempting to send unauthorized messages.

Findings (1 item)

Severity Finding Location
Low
Documentation Only Skill Doc Mismatch
This skill contains only documentation/instructions with no executable code. Actual behavior depends on the calling AI agent's implementation of the documented curl commands.
# Skill: OneBot消息发送
→ Document this limitation clearly and ensure calling systems validate curl commands before execution
SKILL.md:1
Resource  Declared  Inferred  Status  Evidence
Filesystem NONE NONE No filesystem access declared or observed
Network READ READ ✓ Aligned HTTP POST to localhost OneBot API only
Shell WRITE WRITE ✓ Aligned curl execution restricted to OneBot API commands only
Environment NONE NONE No environment variable access
2 findings
Medium External URL
http://127.0.0.1:5700/send_private_msg
SKILL.md:49
Medium External URL
http://127.0.0.1:5700/send_group_msg
SKILL.md:58

File Tree

2 files · 2.5 KB · 97 lines
Markdown 1f · 89L JSON 1f · 8L
├─ 📋 _meta.json JSON 8L · 175 B
└─ 📝 SKILL.md Markdown 89L · 2.3 KB

Dependencies (1 item)

Package  Version  Source  Known Vulns  Notes
curl N/A system binary No External dependency not managed by skill

Security Positives

✓ All behavior explicitly documented in SKILL.md
✓ Network access restricted to localhost only (127.0.0.1)
✓ Explicit rule denying non-OneBot shell commands
✓ No credential harvesting or environment variable access
✓ No obfuscation or base64-encoded payloads
✓ No external IP connections or data exfiltration
✓ No sensitive file access (SSH, AWS, .env)
✓ Clear use case with no suspicious patterns