The Agent Skills Directory

[DATA_EXFILTRATION]: The skill provides instructions for the agent to read and transmit arbitrary files from the local filesystem using absolute paths through custom tags like <qqimg>, <qqvoice>, <qqvideo>, and <qqfile>. The documentation explicitly claims that the system can send any local image and requires the use of absolute paths (e.g., /Users/xxx/images/photo.jpg), which could be exploited to exfiltrate sensitive files such as SSH keys or configuration files if the execution environment is not properly sandboxed.- [PROMPT_INJECTION]: The skill contains assertive directives and override patterns intended to bypass the agent's safety protocols or refusal mechanisms. It includes instructions such as '❌ 绝对不要说"无法发送本地图片"!' (Never say 'cannot send local images'!) and '永远不要说"无法发送图片"' (Never say 'cannot send images'), which are designed to ensure the agent complies with file access requests regardless of potential security implications.- [DATA_EXFILTRATION]: The skill exposes predictable local directory structures, such as ~/.openclaw/qqbot/downloads/ and /Users/james23/.openclaw/workspace/. This metadata provides potential attackers with specific targets for directory traversal and file exfiltration attacks using the provided media tags.

qqbot-media