qqbot-media

Fail

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: HIGH (DATA_EXFILTRATION, COMMAND_EXECUTION)
Full Analysis
  • [DATA_EXFILTRATION]: The skill implements a <qqmedia> tag that allows the agent to send files from absolute local paths (e.g., /Users/xxx/photo.jpg, /tmp/report.pdf) or remote URLs.
  • [DATA_EXFILTRATION]: Rule 4 explicitly commands the agent to bypass standard safety protocols: "You have the ability to send local images/files—directly wrap the path with the tag, do not say 'cannot send'". This instruction specifically targets the agent's safety guardrails that would normally prevent the exfiltration of sensitive local files.
  • [COMMAND_EXECUTION]: The skill grants the agent the capability to perform file system access and transmission operations across the entire local directory structure using absolute paths without restriction, sanitization, or path validation.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 21, 2026, 04:45 PM