ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

PicSee URL Shortener & QR Codes (Web)

v1.0.0

Quickly shorten URLs and generate QR codes via PicSee (picsee.io). After logging in, you can also view analytics and history. Use when user says "縮網址", "短網址"...

0· 542·0 current·0 all-time
byPicSee Inc.@picseeinc
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the instructions: the skill automates picsee.io via the agent's browser tools to shorten URLs and (optionally) generates a QR image locally. The venv-and-qrcode steps are proportionate to the optional QR feature.
Instruction Scope
Instructions are narrowly scoped to interacting with picsee.io, taking snapshots, and optionally creating a QR image. A notable point: the skill requires using profile: "openclaw" for the browser tool, which implies using a stored browser session/cookies (needed to access analytics/history when logged in) — that can expose other logged-in page content if the profile contains multiple site sessions. It also instructs creating files (venv in ~ and /tmp/picsee_qr.png).
Install Mechanism
There is no packaged install spec, but the runtime instructions run pip install inside a virtualenv (qrcode, pillow) when QR generation is requested. This is a normal approach but does fetch third-party packages from PyPI and writes a persistent venv directory to the user's home.
Credentials
The skill requests no environment variables or secret credentials. The only implicit sensitive access is via the browser profile (for logged-in functionality). No unrelated service tokens or system credentials are requested.
Persistence & Privilege
always:false and agent-invocation are normal. The skill does create persistent files (~/openclaw_python_venv) and temporary output (/tmp/picsee_qr.png) when QR generation is used. It does not modify other skills or system-wide configs.
Scan Findings in Context
[no-findings] expected: The regex scanner found no code to analyze because this is an instruction-only skill (SKILL.md). The lack of findings is expected but not proof of safety; runtime actions (browser profile use, pip install) cannot be scanned here.
Assessment
This skill appears to do what it claims, but consider these points before installing: (1) It uses the agent's browser profile (profile: "openclaw") to interact with picsee.io — if that profile contains other logged-in sessions, snapshots could capture unrelated sensitive page content; use an isolated profile if you are concerned. (2) QR generation runs pip install inside a venv in your home (~) and will download packages from PyPI; if you prefer, review or pre-create the venv and packages yourself. (3) The skill creates persistent files (~/openclaw_python_venv) and temporary images (/tmp/picsee_qr.png) which you may want to remove after use. (4) No environment variables or credentials are requested by the skill itself; however, logging into PicSee via the browser will expose your PicSee session to the agent. If these behaviors are acceptable, the skill is internally consistent with its purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dtvnqzg0jdvmp6qs9yt1qgn81br3t

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

PicSee URL Shortener

Quickly shorten long URLs and generate QR codes via PicSee (picsee.io). After logging in, you can also access analytics and history records.

Important Rules

  • Always use profile: "openclaw"
  • Each snapshot generates new refs - don't reuse old refs
  • If any step fails, restart from Step 1
  • When reading files, only use file_path parameter - don't pass path: "" (empty string causes EISDIR errors)
  • QR code is opt-in - Don't generate QR code unless user explicitly asks for it (saves tokens)
  • Use virtual environment for QR generation - Ensures qrcode package is always available without polluting system Python

Workflow

Core technique: URL-encode the link and append it to the query string, PicSee will auto-shorten it. Only generate QR code if user requests it (to save tokens).

Step 1: Open PicSee with URL

URL-encode the long URL, then append it to https://picsee.io/?url=.

Use browser tool:

action: "open"
profile: "openclaw"
targetUrl: "https://picsee.io/?url=(URL-encoded long URL)"

URL encoding example:

  • Original: https://example.com/path?a=1&b=2
  • Encoded: https%3A%2F%2Fexample.com%2Fpath%3Fa%3D1%26b%3D2
  • Full: https://picsee.io/?url=https%3A%2F%2Fexample.com%2Fpath%3Fa%3D1%26b%3D2

Save the returned targetId - you'll need it for following steps.

Step 2: Wait for shortening to complete

Use browser tool to wait 3 seconds:

action: "act"
profile: "openclaw"
targetId: "(targetId from Step 1)"
request:
  kind: "wait"
  timeMs: 3000

Step 3: Extract shortened URL

Take a snapshot and extract the shortened URL from the page content:

action: "snapshot"
profile: "openclaw"
targetId: "(targetId from Step 1)"
refs: "aria"

Read the snapshot text and identify the shortened URL. PicSee displays the result prominently on the page after shortening completes. Look for:

  • A clickable link that looks like a short URL
  • Text that says "shortened URL" or similar followed by a link
  • Any URL that's clearly shorter than the original input

If you can't find the short URL in the snapshot, wait another 3 seconds and retry. If still not found after 2 retries, use the fallback method (see below).

Step 4: Reply with short URL and ask about QR code

Reply with the shortened URL only. Do NOT generate QR code by default.

Reply in the same language as the user's original request. Example format in English:

Short URL: https://pse.is/xxxxx

Need QR code?

The language model will automatically translate this to the user's language if needed.

Wait for user response. If user confirms they want QR code, proceed to Step 5.

Step 5 (Optional): Generate QR code with virtual environment

Only run this step if user explicitly requests QR code.

Use Python virtual environment to ensure qrcode package is available:

# Check if venv exists, create if not
if [ ! -d ~/openclaw_python_venv ]; then
  python3 -m venv ~/openclaw_python_venv
  source ~/openclaw_python_venv/bin/activate
  pip install qrcode pillow
else
  source ~/openclaw_python_venv/bin/activate
fi

# Generate QR code
python3 - <<'PY'
import qrcode
qr = qrcode.QRCode()
qr.add_data("THE_SHORT_URL_HERE")
qr.make(fit=True)
img = qr.make_image(fill_color="black", back_color="white")
img.save("/tmp/picsee_qr.png")
print("QR code saved")
PY

After generation, send the QR code image file using message tool with filePath: "/tmp/picsee_qr.png".

Fallback Method (when quick method fails)

If Step 1's URL parameter method doesn't auto-shorten (page stays on homepage), use manual operation:

  1. snapshot to get page element refs (refs: "aria")
  2. Find the input box (textbox named "網址貼這裡") and button (img "PicSee!")
  3. act type to enter the URL in the input box
  4. act click to click the shorten button
  5. Return to Steps 2-4 to extract results

Common Error Handling

  • EISDIR error: When reading files, don't pass path: "", only use file_path parameter
  • Unknown ref: Ref has expired, re-run snapshot to get new refs
  • tab not found: Page was closed, restart from Step 1
  • Short URL not visible in snapshot: Increase wait time to 5000ms and retry
  • Still can't find short URL: Switch to fallback method
  • venv creation fails: Check Python version with python3 --version (need 3.3+)

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…