How do I approve a new QQ user?

When a user attempts to pair, use the command '/qqbot:access pair ' where the code is the 6-character string generated by the pending request.

Where is the access data stored?

All access configurations, including allowlists and pending pairings, are stored locally on your machine in the ~/.claude/channels/qqbot/access.json file.

What happens if I set the policy to 'disabled'?

Setting the policy to 'disabled' prevents any new pairings or interactions through the QQ Bot channel, effectively shutting down DM access.

Is this skill secure against malicious QQ messages?

Yes, the skill is designed to only accept commands from your local terminal. It explicitly refuses access mutations triggered by channel notifications to prevent prompt injection attacks.

QQ Bot Access Manager

Name: QQ Bot Access Manager
Author: hank9999

byhank9999

•

Gestión de Redes Sociales

Manages access control and pairing policies for the QQ Bot Claude Code channel.

The QQ Bot Access Manager skill provides a secure administrative interface for controlling who can interact with your Claude instance via the QQ messaging platform. It allows users to approve pairing requests using unique 6-character codes, manage persistent allowlists via QQ OpenIDs, and toggle global direct message policies. Designed with security as a priority, this skill only processes commands entered directly into the local terminal, ensuring that remote prompt injection attempts via QQ messages cannot modify your bot's access settings or permissions.

Características Principales

01Local-only execution to prevent remote prompt injection

02Real-time status tracking of pending and approved users

03Secure pairing via 6-character verification codes

049 GitHub stars

05Configurable DM policies: pairing, allowlist, or disabled

06Persistent allowlist management for QQ OpenIDs

Casos de Uso

01Restricting bot interactions to a private group of team members

02Auditing and removing unauthorized users from the bot's allowlist

03Authorizing a specific QQ user to start a session with Claude

Características Principales

01Local-only execution to prevent remote prompt injection

02Real-time status tracking of pending and approved users

03Secure pairing via 6-character verification codes

049 GitHub stars

05Configurable DM policies: pairing, allowlist, or disabled

06Persistent allowlist management for QQ OpenIDs

Casos de Uso

01Restricting bot interactions to a private group of team members

02Auditing and removing unauthorized users from the bot's allowlist

03Authorizing a specific QQ user to start a session with Claude