Security audit

QRCode Generator

Security checks across malware telemetry and agentic risk

Overview

This QR-code skill is purpose-aligned and discloses its third-party API use, but users should not enter sensitive QR contents because the payload is sent to api.qrserver.com.

Install only if you are comfortable sending each QR payload to api.qrserver.com. Do not use it for passwords, private keys, internal links, recovery URLs, Wi-Fi credentials, or other sensitive content unless that disclosure is acceptable; choose an offline QR generator for private data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (6)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 90% confidence
Finding: The skill documentation indicates outbound network use via a third-party QR API, but no corresponding permission declaration is present. This can mislead users and reviewers about data flow, causing user-supplied text or URLs to be transmitted externally without clear capability disclosure.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 97% confidence
Finding: The skill claims a simple local PNG QR generator, but its documented behavior sends user input to an external third-party service and differs from the promised output behavior. This mismatch is dangerous because users may provide sensitive text, credentials, or contact data under the false assumption that processing is local and limited to PNG export.

Description-Behavior Mismatch

Medium

Confidence: 96% confidence
Finding: The skill description implies local QR code generation and export, but the README discloses that user input is transmitted to the third-party service api.qrserver.com. This mismatch is security-relevant because users may provide sensitive text, URLs, WiFi credentials, or tokens under the assumption that processing is local, causing unintended data disclosure to an external party.

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The implementation sends user-supplied content to a third-party web API even though the skill is described as a simple QR generator with no indication that generation occurs remotely. This creates a data disclosure risk because URLs, secrets, Wi-Fi credentials, or other sensitive text entered by users are transmitted off-host to an external service.

Context-Inappropriate Capability

Medium

Confidence: 97% confidence
Finding: The skill transmits the full user-provided text or URL to `api.qrserver.com`, which is inconsistent with the context of a utility that users would reasonably expect to run locally. In this context, users may input sensitive payloads such as login links, access tokens, or Wi-Fi passwords, making undisclosed outbound transmission materially dangerous.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The code forwards all user input to an external QR service without any warning, consent, or privacy notice. Because QR content often includes secrets or internal URLs, this can leak sensitive data to a third party and to intermediary logs associated with the request URL.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.