Back to skill

Security audit

萤火蓝二维码工具

Security checks across malware telemetry and agentic risk

Overview

The skill appears intended to generate QR-code images, but it can automatically install Python packages when loaded, which changes the user's environment without a clear approval step.

Review before installing. This does not show evidence of theft, deception, or destructive behavior, but it may fetch and install qrcode and Pillow automatically and can write files to paths you provide. Prefer a version that declares pinned dependencies outside the skill runtime, asks before installing anything, and avoids saving to sensitive or existing file paths unless you explicitly intend that.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
__import__(package)  # 检查库是否已安装
        except ImportError:
            # 自动安装缺失的库
            subprocess.check_call([sys.executable, "-m", "pip", "install", package])

# 初始化:安装依赖库
install_dependencies()
Confidence
94% confidence
Finding
subprocess.check_call([sys.executable, "-m", "pip", "install", package])

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The module performs automatic package installation at import time, adding network access, environment modification, and third-party code execution unrelated to simply generating a QR code. In an agent skill context, import-time side effects are especially risky because merely loading the skill can trigger external actions before any user consent or policy checks.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Running pip automatically without prior warning or confirmation is dangerous because it performs privileged environment changes and may fetch and execute code from package sources unexpectedly. In a skill ecosystem, users reasonably expect a QR generator, not silent package management actions during load/execution.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.