ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

QR Code Tool

v1.0.0

Generate QR codes for URLs, text, WiFi credentials, contact cards, and more. Use when creating scannable links for marketing materials, sharing WiFi password...

0· 335·1 current·1 all-time
by@leonardodpanda
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (QR code generation for URLs, WiFi, vCards, styled images, batch jobs) aligns with the provided instructions and examples. All code samples and the listed dependency (qrcode[pil]) are appropriate for this functionality.
Instruction Scope
SKILL.md only contains local code examples (Python) that create image files, compose QR payloads (including WiFi/vCard formats), and manipulate images. The instructions do not read unrelated files, environment variables, or send data to external endpoints.
Install Mechanism
There is no install spec and no downloads; the doc recommends installing the public pip package qrcode[pil], which is proportionate for the stated functionality. No extracted archives or external URLs are used.
Credentials
The skill requests no environment variables, credentials, or config paths. Examples accept sensitive inputs (e.g., WiFi password) but those are user-supplied and not read from the environment.
Persistence & Privilege
Skill is not always-enabled and does not request persistent privileges or modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but not combined with any elevated access.
Assessment
This skill is instruction-only and appears coherent. Before running the code: (1) verify and run examples locally in a safe environment (you’ll need Python and pip), (2) review any inputs you pass (e.g., WiFi passwords or contact details) so you do not accidentally expose secrets, and (3) install the qrcode[pil] package from PyPI using pip in a virtualenv to avoid affecting your system Python. If the skill came from an unknown source, inspect the SKILL.md yourself before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk9755a26tp1tvevvbwg45pcm458269fa

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments