Security audit

Qr Code Toolkit

Security checks across malware telemetry and agentic risk

Overview

This is a mostly coherent local QR/barcode toolkit, but its batch generator can write files outside the chosen output folder if a CSV or JSON file contains unsafe filenames.

Use this skill only with trusted CSV/JSON batch files, and inspect filename fields before running batch generation. Install it in an isolated Python environment, pin or review dependency versions, and treat WiFi/contact QR images and decoded JSON outputs as sensitive files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (12)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 84% confidence
Finding: The skill documentation advertises scripts that read input files and write output images or batch results, but no permissions are declared to reflect those capabilities. This creates a transparency and governance gap: users or platforms may authorize the skill without understanding that it can access local files and persist generated or decoded data to disk.

Context-Inappropriate Capability

Medium

Confidence: 97% confidence
Finding: The CSV path uses a user-controlled filename field and joins it directly with the requested output directory. An attacker can supply values like '../outside.png' or absolute paths to write generated files outside the intended directory, potentially overwriting arbitrary files that the process has permission to modify.

Context-Inappropriate Capability

Medium

Confidence: 97% confidence
Finding: The JSON batch flow has the same issue: each item's filename is taken from untrusted input and combined with output_dir without normalization or containment checks. This enables path traversal or arbitrary file write within the privileges of the running user, which is especially risky in automation or shared environments.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The WiFi QR example embeds an SSID and password directly into a generated image file, but the documentation does not warn that this output contains reusable network credentials and may be stored, shared, synced, or logged inadvertently. In this skill's context, generating credential-bearing QR codes is a core feature, which makes omission of handling guidance more dangerous because users are likely to treat the image as harmless media.

Unpinned Dependencies

Low

Category: Supply Chain
Content: qrcode>=7.4.2 pillow>=10.0.0 opencv-python>=4.8.0 pyzbar>=0.1.9
Confidence: 92% confidence
Finding: qrcode>=7.4.2

Unpinned Dependencies

Low

Category: Supply Chain
Content: qrcode>=7.4.2 pillow>=10.0.0 opencv-python>=4.8.0 pyzbar>=0.1.9 python-barcode>=0.15.1
Confidence: 95% confidence
Finding: pillow>=10.0.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: qrcode>=7.4.2 pillow>=10.0.0 opencv-python>=4.8.0 pyzbar>=0.1.9 python-barcode>=0.15.1 numpy>=1.24.0
Confidence: 95% confidence
Finding: opencv-python>=4.8.0

Unpinned Dependencies

Low

Category: Supply Chain
Content: qrcode>=7.4.2 pillow>=10.0.0 opencv-python>=4.8.0 pyzbar>=0.1.9 python-barcode>=0.15.1 numpy>=1.24.0
Confidence: 90% confidence
Finding: pyzbar>=0.1.9

Unpinned Dependencies

Low

Category: Supply Chain
Content: pillow>=10.0.0 opencv-python>=4.8.0 pyzbar>=0.1.9 python-barcode>=0.15.1 numpy>=1.24.0
Confidence: 90% confidence
Finding: python-barcode>=0.15.1

Unpinned Dependencies

Low

Category: Supply Chain
Content: opencv-python>=4.8.0 pyzbar>=0.1.9 python-barcode>=0.15.1 numpy>=1.24.0
Confidence: 92% confidence
Finding: numpy>=1.24.0

Known Vulnerable Dependency: pillow — 10 advisory(ies): CVE-2016-2533 (Pillow buffer overflow in ImagingPcdDecode); CVE-2023-50447 (Arbitrary Code Execution in Pillow); CVE-2021-27922 (Pillow Uncontrolled Resource Consumption) +7 more

Critical

Category: Supply Chain
Confidence: 82% confidence
Finding: pillow

Known Vulnerable Dependency: opencv-python — 10 advisory(ies): CVE-2017-12864 (Integer Overflow or Wraparound in OpenCV); CVE-2017-12598 (Out-of-bounds Read in OpenCV ); CVE-2019-14493 (NULL Pointer Dereference in OpenCV.) +7 more

High

Category: Supply Chain
Confidence: 84% confidence
Finding: opencv-python

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.