QR Code Tool

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward QR-code generation skill, but QR images can expose any WiFi passwords or contact details placed inside them.

Install only if you are comfortable generating QR images from the data you provide. Avoid encoding long-lived primary WiFi passwords, private contact details, tokens, or other secrets in QR codes that may be printed, saved, forwarded, or viewed by untrusted people; prefer guest networks or temporary credentials for sharing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill explicitly shows how to encode live WiFi credentials into a QR code and says users can scan to auto-connect, but it does not warn that anyone who can view or copy the QR image can recover the embedded password. In this skill context, that omission is meaningful because the stated use case is credential sharing, which can lead to unintended disclosure, reuse of network secrets, and persistence of access beyond the intended audience.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal