qqbot-upgrade

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). They point to a raw .sh script on GitHub and the skill explicitly instructs piping it to bash (remote code execution); although hosted in a GitHub org that appears legitimate, executing unreviewed remote scripts is a high-risk vector for malware.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly instructs fetching and executing a remote script from raw.githubusercontent.com (curl -fsSL https://raw.githubusercontent.com/tencent-connect/openclaw-qqbot/main/scripts/upgrade-via-npm.sh | bash), which ingests public third-party code that can materially change execution and thus could enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill runs a runtime command that fetches and executes remote code via curl | bash from https://raw.githubusercontent.com/tencent-connect/openclaw-qqbot/main/scripts/upgrade-via-npm.sh, so the external URL directly controls execution.