ClawHub

QR Code Generator

Security checks across malware telemetry and agentic risk

Overview

The QR generator appears mostly purpose-aligned, but it can automatically install Python packages at runtime without clear user approval or disclosure.

Review this before installing. It does not show clear malicious behavior, but running it may install Python packages automatically. Treat WiFi QR codes as credentials, avoid passing real passwords in commands that may be logged, and only write output files to paths you intend to modify.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
return qrcode
    except ImportError:
        import subprocess
        subprocess.check_call([sys.executable, "-m", "pip", "install", "qrcode[pil]", "-q"])
        import qrcode
        return qrcode
Confidence
96% confidence
Finding
subprocess.check_call([sys.executable, "-m", "pip", "install", "qrcode[pil]", "-q"])

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The helper function silently expands the skill's behavior from data encoding into software installation, which is not necessary for generating QR codes. This increases attack surface and surprises operators by mutating the environment at runtime, making the skill more dangerous than its declared purpose suggests.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
Executing package installation commands is a privileged side effect that is not justified by the skill's narrow QR-generation function. In context, this mismatch is especially concerning because a simple utility should not need to fetch and execute package-supplied code, creating supply-chain and host-integrity risks.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The WiFi example encourages passing SSIDs and passwords directly on the command line, which can expose secrets through shell history, process listings, logs, or screenshots. It also omits warning that the generated QR embeds the network credentials in recoverable form, so sharing the image may unintentionally disclose access to the network.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script automatically installs a package without warning or confirmation, so merely running QR generation can trigger network access and code execution from package sources. This is unsafe operationally and security-wise, especially in automated or sandboxed environments where users do not expect side effects beyond file creation.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal