ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skill 1

v1.0.0

Generate QR codes from text, URLs, WiFi credentials, vCards, or any data. Use when the user wants to create a QR code, share a link as a scannable code, gene...

0· 551·0 current·0 all-time
by@claudiodrusus·duplicate of @claudiodrusus/qr-gen
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (QR code generation) align with the provided script and examples. The included Python script implements exactly the advertised features (text/URL, WiFi, vCard, PNG/SVG/ASCII). No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md instructs running the bundled script and shows concrete examples. The instructions do not request system files, other environment variables, or network endpoints beyond installing dependencies from PyPI at runtime (described in the README). There is no guidance to collect or transmit user data to third-party endpoints.
Install Mechanism
No install spec (instruction-only), but the script auto-installs the qrcode[pil] package via pip at runtime using subprocess. This is expected for a self-contained Python utility, but it performs a network download from PyPI when first run — consider this when running in restricted or production environments.
Credentials
The skill declares no required environment variables, credentials, or privileged config paths. The script runs locally and writes only the requested output file(s).
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and has no persistent installation step that would alter global agent settings. Agent autonomous invocation remains the platform default and is not excessive here.
Assessment
This skill is coherent and implements a simple QR code generator. Before installing/running: (1) review the script if you want to confirm no changes to other files, (2) note that it will call pip to install qrcode[pil] the first time (which downloads from PyPI), so run it in a virtualenv/container if you want to avoid modifying system packages, and (3) ensure output paths given to the script are locations you intend to write to. If you need offline or pinned dependencies, consider pre-installing a vetted version of the qrcode package rather than allowing the runtime auto-install.

Like a lobster shell, security has layers — review code before you run it.

latestvk9770cv3qg0ssexrxfnj6n90px81mj8t

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments