Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

QR Code Generator

v1.1.0

Generate QR codes from text, URLs, WiFi credentials, vCards, or any data. Use when the user wants to create a QR code, share a link as a scannable code, gene...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description match the included Python script and examples. There are no unrelated environment variables, binaries, or config paths requested; required capabilities are proportional to a QR generator.
Instruction Scope
SKILL.md instructs the agent to run the bundled script with explicit arguments and examples (URLs, WiFi strings, vCards, ASCII, PNG, SVG). The instructions do not ask the agent to read unrelated files, environment variables, or transmit data to external endpoints. Note: the script will install a Python package at runtime if missing (network activity to PyPI).
Install Mechanism
There is no install spec in the registry (instruction-only), which is low-risk. The included script calls pip to auto-install the qrcode[pil] package if missing; this is a common pattern but does perform network downloads and executes package install steps in the runtime environment (moderate supply-chain risk).
Credentials
The skill requests no environment variables, credentials, or config paths. The WiFi/password and vCard data are provided as command-line args or data strings and are encoded only into the QR output; no other secrets are requested or accessed.
Persistence & Privilege
The skill is not forced-always, is user-invocable, and does not modify other skills or global agent configuration. It does not request elevated or persistent privileges.
Assessment
This skill appears to do exactly what it claims (generate QR codes) and includes a small Python script. Before using: (1) be aware the script will run pip install qrcode[pil] if the package is missing — this performs network downloads and installs into your Python environment (run it in a virtualenv if you prefer isolation); (2) inspect/verify the qrcode package on PyPI if you have supply-chain concerns; (3) remember any WiFi password or contact info you encode will be visible to anyone who scans or sees the generated image; and (4) the script will overwrite files at the given output path, so avoid paths you can't afford to replace.
