Url Shortener
PassAudited by VirusTotal on May 7, 2026.
Overview
Type: OpenClaw Skill Name: dinghaibin-url-shortener Version: 1.0.0 The skill is a straightforward local URL shortener and QR code generator. It manages a local JSON database in the user's home directory (`~/.url_shortener.json`) and uses the legitimate `qrcode` library for image generation. The code in `scripts/shorten.py` is clean, lacks any dangerous execution sinks (like eval or system calls), and strictly follows the functionality described in `SKILL.md`.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Long URLs can contain private query parameters or tokens, and those URLs will remain on disk until the file is deleted.
The script persists all shortened URL records in a home-directory JSON file.
DATA_FILE = Path.home() / '.url_shortener.json' ... json.dump(data, f, indent=2)
Avoid storing URLs that contain secrets, and delete ~/.url_shortener.json if you want to clear the local history.
If QR generation is used and the dependency is missing, a user or agent may need to install a PyPI package.
The optional QR feature points users to an unpinned external package install, but the artifact does not auto-install it.
print("Error: qrcode not installed. Run: pip install qrcode[pil]")Install dependencies from trusted sources, preferably in a virtual environment and with pinned versions if reproducibility matters.
A chosen QR output path could overwrite an existing writable file.
QR generation writes an image to either a default file or a user-supplied path.
qr_file = args.qr_file or 'qrcode.png' ... img.save(output_file)
Use a safe output path and confirm before saving over existing files.