QR Code Generator
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears to be a straightforward local QR-code generator, with the main things to notice being that it may auto-install a Python dependency and can encode WiFi passwords into the generated QR image.
This skill is reasonable to install if you are comfortable running a local Python script that may install qrcode[pil] from pip. Be careful with generated WiFi QR codes because the image contains the network password.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill may download and install third-party Python package code into the local environment.
If the qrcode library is missing, running the script installs an unpinned package from pip. This is disclosed in the skill instructions and supports the QR-generation purpose, but users should be aware of the dependency/provenance trust involved.
subprocess.check_call([sys.executable, "-m", "pip", "install", "qrcode[pil]", "-q"])
Install in a trusted Python environment and consider pre-installing or pinning the qrcode/Pillow dependency if reproducibility matters.
A WiFi QR code can reveal or share network access with anyone who receives or scans the image.
When used for WiFi QR generation, the supplied WiFi password is embedded directly into the QR payload. This is expected for the feature, but the resulting image grants network access to anyone who can scan it.
return f"WIFI:T:{security};S:{ssid};P:{password_str};H:{hidden_str};;"Only generate and share WiFi QR codes with trusted recipients, and treat the generated image like a password.