Skill v1.0.0

ClawScan security

Qr Generator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 17, 2026, 1:29 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions match a QR generator, but the declared tooling and install path are inconsistent: the instructions invoke an external 'clawhub' CLI that the bundle does not provide, _meta.json lists 'curl' as a required binary without saying why, and there is no install mechanism at all. It is therefore unclear what will actually run, or be fetched, at install time.
Guidance
This skill appears to be a simple QR generator, but it ships no code and has no clear install path. Before installing or running it:
1) Ask the publisher where the 'clawhub' CLI comes from and whether the platform already provides it. Do not run 'npx clawhub@latest' or download unknown packages until the package source has been verified and its code reviewed.
2) Confirm why 'curl' is required; a local QR generator has no obvious need for it unless it fetches remote resources or uploads data.
3) If you only need QR files, use a known, audited library or an offline tool (for example a local QR library) instead of fetching a third-party CLI.
4) Do not provide credentials or allow automatic installation from unknown registries until the install origin has been verified.
Findings
[_meta.json_requires_bins_curl] unexpected: _meta.json lists requires.bins: ["curl"], but the skill offers no explanation why curl is needed for a local CLI-style QR generator. The top-level registry metadata in the provided evaluation showed no required binaries, so this is an internal inconsistency.
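The following script is an added illustration of the checks the guidance and the finding above describe; it is not ClawHub's scanner and not code from the skill. It applies three comparisons to a skill bundle before anything is installed: the binaries _meta.json declares against the registry's top-level metadata, the commands the instructions actually invoke against what the bundle declares or ships, and any install command that would pull code from outside the bundle. The sample bundle, the registry dict and its 'requiredBins' key are constructed for the example; requires.bins in _meta.json is the field the finding quotes.

```python
"""Pre-install consistency checks for an instruction-only skill bundle.

Added example, not ClawHub's scanner. It assumes the bundle is a mapping
of file path -> text (what a reviewer sees after unpacking) and that the
registry's top-level metadata is a separate dict; the 'requiredBins'
registry key and the sample files are assumptions, while
_meta.json -> requires.bins is the field the report quotes.
"""
import json
import re
from typing import Dict, List, Tuple

# Constructed sample modelled on the report: no code, a SKILL.md that calls
# a 'clawhub' CLI, a README that installs via npx, and a _meta.json that
# requires curl although nothing in the instructions uses it.
SAMPLE_BUNDLE: Dict[str, str] = {
    "_meta.json": json.dumps({"requires": {"bins": ["curl"]}, "always": False}),
    "SKILL.md": (
        "# QR generator\n"
        "Generate one code: `clawhub qr generate --url https://example.com --out qr.png`\n"
        "Batch mode: `clawhub qr batch urls.txt --logo logo.png`\n"
    ),
    "README.md": "Install with `npx clawhub@latest install qr-generator`.\n",
}
# Constructed registry metadata for the same skill: declares no binaries.
SAMPLE_REGISTRY = {"name": "qr-generator", "version": "1.0.0", "requiredBins": []}

# Constructed bundle that ships its own code and declares nothing extra.
CLEAN_BUNDLE: Dict[str, str] = {
    "_meta.json": json.dumps({"requires": {"bins": []}}),
    "SKILL.md": "Run `python qr.py urls.txt` to write one PNG per line.\n",
    "qr.py": "# offline QR generation would live here\n",
}

CODE_SUFFIXES = (".py", ".js", ".ts", ".sh", ".go", ".rs")
# Commands whose appearance in instructions means the agent would fetch or
# install software from outside the bundle.
FETCH_OR_INSTALL_CMDS = {"npx", "npm", "curl", "wget", "pip", "pipx"}
INLINE_CODE = re.compile(r"`([^`\n]+)`")


def declared_bins(bundle: Dict[str, str]) -> set:
    """Binaries _meta.json says the skill needs (requires.bins)."""
    raw = bundle.get("_meta.json")
    if raw is None:
        return set()
    return set(json.loads(raw).get("requires", {}).get("bins", []))


def registry_bins(registry: dict) -> set:
    """Binaries the registry's top-level metadata declares (key name assumed)."""
    return set(registry.get("requiredBins", []))


def invoked_commands(bundle: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each command that opens an inline code span in a .md file to its spans."""
    found: Dict[str, List[str]] = {}
    for path, text in bundle.items():
        if not path.endswith(".md"):
            continue
        for span in INLINE_CODE.findall(text):
            parts = span.split()
            if parts:
                found.setdefault(parts[0], []).append(span)
    return found


def ships_code(bundle: Dict[str, str]) -> bool:
    """True if the bundle contains any source file that could provide a CLI."""
    return any(path.endswith(CODE_SUFFIXES) for path in bundle)


def check_bundle(bundle: Dict[str, str], registry: dict) -> List[Tuple[str, str]]:
    """Return (finding_id, detail) pairs; an empty list means nothing to explain."""
    findings: List[Tuple[str, str]] = []
    meta_bins = declared_bins(bundle)
    reg_bins = registry_bins(registry)
    if meta_bins != reg_bins:
        findings.append(("bins_mismatch",
                         f"_meta.json requires {sorted(meta_bins)} but the registry "
                         f"declares {sorted(reg_bins)}"))
    cmds = invoked_commands(bundle)
    for cmd in sorted(cmds):
        if cmd in FETCH_OR_INSTALL_CMDS:
            findings.append(("remote_fetch",
                             f"{cmd!r} would fetch or install external code: {cmds[cmd][0]}"))
        elif cmd not in meta_bins and not ships_code(bundle):
            findings.append(("undeclared_cli",
                             f"{cmd!r} is invoked but is neither in requires.bins "
                             f"nor shipped in the bundle"))
    for name in sorted(meta_bins - set(cmds)):
        findings.append(("unused_bin",
                         f"{name!r} is required by _meta.json but never invoked "
                         f"in the instructions, so its purpose is unexplained"))
    return findings


if __name__ == "__main__":
    for fid, detail in check_bundle(SAMPLE_BUNDLE, SAMPLE_REGISTRY):
        print(f"[{fid}] {detail}")
```

Run against the constructed sample it reports the four conditions the review raises (the bins mismatch, the undeclared 'clawhub' CLI, the npx install, and the unused 'curl'); the clean bundle that ships its own script produces no findings. The command extraction is deliberately simple, looking only at inline code spans in markdown files, so commands written in fenced blocks or plain prose would need INLINE_CODE extended before this is relied on for a real review.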

Review Dimensions

Purpose & Capability
note: Name, description and SKILL.md all describe QR generation with custom styling, batch mode and decoding; those capabilities are coherent with each other. However, the runtime instructions call a 'clawhub' CLI (clawhub qr generate / clawhub qr batch) while the bundle contains no code or install spec that would provide that CLI. _meta.json lists 'curl' as a required binary, but the top-level metadata showed no required binaries; this mismatch is unexplained.
Instruction Scope
note: Instructions stay within the QR-generator purpose (generate files, read an input list, accept a logo file). They do not request unrelated environment variables or system paths. Concern: the instructions assume a local 'clawhub' binary and input files (logo.png, urls.txt) already exist; the skill does not say where that CLI comes from or whether using dynamic QR involves a remote service. That ambiguity could lead the agent to fetch or run external software.
Install Mechanism
concern: There is no install spec in the skill (it is instruction-only). The README suggests 'npx clawhub@latest install qr-generator', which implies fetching code from the npm ecosystem, but the package origin is not given in the skill metadata. _meta.json's requires.bins also includes 'curl', an additional unstated dependency. Without a clear, trusted install source, the agent or user would have to fetch and execute external tooling from an unknown origin, which is higher risk.
Credentials
ok: The skill does not request any environment variables, credentials, or config paths. This is proportionate to a QR generator and reduces the risk of secret exfiltration.
Persistence & Privilege
ok: 'always' is false and the skill is user-invocable; it does not request persistent or always-on presence, and it does not claim to modify other skills. No problematic privilege escalation is visible in the bundle.