Skill 1
PassAudited by ClawScan on May 1, 2026.
Overview
This QR-code generator appears purpose-aligned, with the main cautions being its automatic Python package install and the fact that QR outputs can intentionally contain WiFi passwords.
This skill looks safe for ordinary QR-code generation. Before installing, be aware that it may install a Python dependency from PyPI if missing, and do not share QR codes that contain WiFi passwords or personal contact details beyond the intended audience.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill may install third-party Python packages on the local machine if they are not already present.
If the qrcode package is missing, the script downloads and installs an unpinned PyPI dependency during normal use. This supports the QR-generation purpose and is disclosed in SKILL.md, but it is still a supply-chain/provenance point for users to notice.
subprocess.check_call([sys.executable, "-m", "pip", "install", "qrcode[pil]", "-q"])
Install in an environment where adding Python packages is acceptable, or preinstall and pin the dependency through a trusted package-management process.
A generated WiFi QR code can reveal or share the network password with unintended viewers if the image is distributed broadly.
The skill intentionally accepts a WiFi password and encodes it into the generated QR payload. This is purpose-aligned, but the resulting QR code can grant network access to anyone who receives or scans it.
parser.add_argument("--wifi-pass", help="Generate WiFi QR: password")Only generate and share WiFi QR codes for trusted recipients, and store or delete the output file according to how sensitive the network password is.