Local QR Code Generation And Recognition Not Require An API_KEY - 本地二维码生成与识别

Security checks across malware telemetry and agentic risk

Overview

This skill appears to locally generate and decode QR codes without network calls, credential use, or hidden high-impact behavior.

Use this for local QR-code generation or decoding. Install the required Python packages from sources you trust, preferably in a virtual environment, and choose output paths carefully because generated images can overwrite files in the current working directory.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger description includes broad language like '或类似本地二维码问题时', which can cause the skill to match overly general QR-code-related requests outside its intended scope. In an agent system, ambiguous activation increases the chance of unintended tool invocation, potentially causing incorrect handling of user requests or overshadowing more appropriate skills.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal