Back to skill
Skillv1.0.0
VirusTotal security
QR Code Tool · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:59 AM
- Hash
- 0e50fda283cf12b431b9083d2f628a27db50d0b47b2c9fad51cd806df0b3a44d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: qr-code-tool Version: 1.0.0 The skill's core functionality is benign, generating QR codes. However, the Python code in `SKILL.md` directly uses user-provided file paths (`output_path`, `output_dir`, `qr_path`, `logo_path`) for file creation, saving, and opening without apparent sanitization. This introduces a significant local file system vulnerability (arbitrary file write/overwrite, directory creation) if the agent or user provides malicious paths (e.g., path traversal). Additionally, the `getattr` usage in `generate_styled_qr` presents a minor vulnerability. These are vulnerabilities, not evidence of intentional malicious behavior like data exfiltration or backdoors.
- External report
- View on VirusTotal