ClawHub

QR Code Decode

v0.1.0

Use when you need to extract QR code or barcode content from an image — given a screenshot, photo URL, or local image file containing a QR code, DataMatrix,...

0· 36·0 current·0 all-time
by@edwincen
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, README, and SKILL.md consistently describe calling a remote QR/barcode detection API (https://data.cli.im/x-deepscan/vision/detect). There are no unexpected binaries, credentials, or installs requested — everything asked for is proportional to decoding QR codes from images.
Instruction Scope
Instructions explicitly direct the agent to POST image URLs or base64-encoded local images to the external API. That is within scope for decoding QR codes, but it means image data (including any sensitive content in screenshots) will be transmitted off-host. Examples also show base64 expansion of local files, which — if run without care — will upload local files.
Install Mechanism
No install spec and no code files are present (instruction-only). This minimizes disk writes and local execution risk.
Credentials
The skill requests no environment variables, credentials, or config paths. No excessive or unrelated secrets are demanded.
Persistence & Privilege
The skill is not always-on and uses normal agent invocation rules. It does not request elevated or persistent privileges or attempt to modify other skills or system settings.
Assessment
This skill simply forwards images (URL or base64) to a third-party API (data.cli.im). Before using it, verify you trust that service and its privacy practices — do not send images containing passwords, private keys, personal data, or proprietary screenshots unless you are comfortable those will be sent to and processed by the remote endpoint. Prefer testing with non-sensitive images first. Note the SKILL.md claims SSRF protection for URL inputs, but you should not assume internal network resources are safe to reference until you can verify the provider's behavior. If you cannot trust an external service, consider running a local QR-decoding tool instead.

Like a lobster shell, security has layers — review code before you run it.

barcodevk970meendacjyksrkcaannnpxh8406jadecodevk970meendacjyksrkcaannnpxh8406jadetectionvk970meendacjyksrkcaannnpxh8406jaimagevk970meendacjyksrkcaannnpxh8406jalatestvk970meendacjyksrkcaannnpxh8406jaqrcodevk970meendacjyksrkcaannnpxh8406ja

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments