ClawHub

我的二维码生成技能

Security checks across malware telemetry and agentic risk

Overview

This QR-code skill appears useful, but it can automatically install Python packages when loaded and writes generated QR images to disk, so it needs review before installation.

Install only if you are comfortable with the skill running pip to install qrcode and Pillow automatically. Prefer installing dependencies yourself in an isolated virtual environment, and choose an explicit save path for QR codes that may contain sensitive information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
__import__(package)  # 检查库是否已安装
        except ImportError:
            # 自动安装缺失的库
            subprocess.check_call([sys.executable, "-m", "pip", "install", package])

# 初始化:安装依赖库
install_dependencies()
Confidence
96% confidence
Finding
subprocess.check_call([sys.executable, "-m", "pip", "install", package])

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The skill performs package management as a side effect of import, which is unrelated to its stated QR-code functionality and introduces an unnecessary execution path with elevated risk. This creates supply-chain exposure, may alter the runtime unexpectedly, and can trigger network access and code execution from third-party packages in environments that expect deterministic, non-mutating skills.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly describes saving generated QR code images to disk, with a default location on the desktop, but does not prominently warn the user that local files will be created if no path is provided. This can lead to unintended persistence of sensitive content such as WiFi credentials, phone numbers, or private URLs in an easily discoverable location, increasing privacy and data exposure risk.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill states it will automatically attempt to install qrcode and Pillow if dependencies are missing, but does not clearly warn that this may modify the user's Python environment. Automatic package installation can change system state, introduce supply-chain risk, or break existing environments, especially when performed without explicit consent.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
Automatically installing packages via pip without prior warning or confirmation violates least surprise and can change the system state unexpectedly. In agent or sandboxed environments, this behavior is especially dangerous because merely importing the file can trigger network access, package downloads, and execution of installer-controlled code paths.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal