Skill QR Card

v0.1.2

Generate styled QR images/cards for ClawHub skills so users can scan and install instantly. Supports install-command payloads, ClawHub links, and GitHub link...

⭐ 0· 316·1 current·1 all-time

byJack Lee@jackleeio

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description align with requested files and actions. The included script generates QR payloads for install/ClawHub/GitHub links and produces SVG (and optional PNG) outputs — all expected for a 'QR card' generator.

✓

Instruction Scope

SKILL.md instructs the agent to run the bundled script with CLI flags and to return generated image paths. The script only reads CLI args, writes files under ./images/, and optionally invokes ImageMagick; it does not read other config files, environment variables, or network endpoints.

ℹ

Install Mechanism

There is no install spec. The script requires Node and the npm package 'qrcode' (not declared) and will optionally call the system 'convert' binary to produce PNGs. This is operationally important (dependencies must be present) but not a security red flag.

✓

Credentials

No environment variables, credentials, or config paths are requested. The script only uses user-supplied CLI arguments (slug, title, mode, github, out).

✓

Persistence & Privilege

Skill is not always-enabled and does not request persistent system privileges. It writes output files to a local ./images/ directory (expected behavior) and does not modify other skills or system-wide configuration.

Assessment

This skill appears coherent and does what it claims, but check a few operational points before running: (1) Ensure your environment has Node and the 'qrcode' npm package (the repo does not declare an install step); (2) ImageMagick's 'convert' is optionally executed to create PNGs — verify you trust the 'convert' binary on the host; (3) The script writes files under ./images/ (it may overwrite similarly named files); (4) If you copy this into an automated agent, ensure the agent only supplies intended slugs/flags (the script will embed whatever you pass into the QR payload). If you want extra caution, run the script in a sandbox or container and review/lock the 'convert' binary before allowing automated invocation.

✗

scripts/generate_qr_card.js:93

Shell command execution detected (child_process).

Patterns worth reviewing

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97emr807cjyhyv3dvh2gjz1ex82jv84

316downloads

0stars

3versions

Updated 6h ago

v0.1.2

MIT-0

Skill QR Card

Create a styled QR card (SVG or PNG) that users can scan to install a skill instantly.

Workflow

Collect inputs
- skill slug (required)
- display title (optional)
- target payload mode: install command / ClawHub URL / README URL
Generate QR card
- Use scripts/generate_qr_card.js.
Return output files
- SVG (always)
- PNG (optional if ImageMagick convert is available)
Share result
- Send generated image path directly.

Commands

Basic:
- node scripts/generate_qr_card.js --slug skill-feed
Custom title + mode:
- node scripts/generate_qr_card.js --slug skill-feed --title "SkillFeed" --mode install
Custom output:
- node scripts/generate_qr_card.js --slug skill-feed --out ./images/skillfeed-card.svg

Modes

install (default): QR payload = clawhub install <slug>
clawhub: QR payload = https://clawhub.ai/<slug>
github: QR payload = https://github.com/<owner>/<repo> (requires --github)

Output

MEDIA:./images/<file>.svg line is printed for quick sharing.
Optional PNG is generated when system has convert installed.

References

Styling and payload conventions: references/design-guidelines.md

Comments

Loading comments...