QR Password

v1.0.0

Transfer credentials securely between networked and air-gapped devices using QR codes without exposing passwords or storing data persistently.

⭐ 0· 775·0 current·0 all-time

by@lifehackjohn

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description match the included scripts and assets: generate-qr.py, read-qr.py, qr-format.py, and an offline HTML generator implement bidirectional QR transfer; no unrelated libraries, env vars, or host endpoints are requested.

ℹ

Instruction Scope

SKILL.md stays on-topic (generate/display/delete QR images; decode images; use offline HTML). It mandates important runtime hygiene (redaction, ephemeral files, auto-hide). This is appropriate but enforces policies at the agent/runtime level — the skill cannot itself force deletion or prevent history logging if the agent/platform doesn't comply, so the user must ensure the agent honors those rules.

✓

Install Mechanism

No install spec in the registry; code is provided directly. Declared Python dependencies (qrcode, Pillow, opencv-python-headless) are typical for this functionality. No downloads from arbitrary URLs or extract operations are present.

✓

Credentials

The skill requests no environment variables, credentials, or config paths. The dependencies are proportional to generating/reading QR images. No unrelated secrets are requested.

✓

Persistence & Privilege

always is false and the skill does not request persistent presence or modify other skills/configuration. It relies on transient files and the agent to remove them, which is normal for this use case.

Assessment

This skill appears coherent and implements an air-gapped QR credential flow. Before installing: (1) verify you trust the skill source and review the included scripts (they are small and local); (2) install Python deps in a controlled environment (pip will access the network to fetch packages); (3) ensure your agent/platform actually enforces the SKILL.md rules (deleting files, not logging secrets, auto-hiding canvas) because the skill's safety depends on runtime behavior; (4) avoid pasting QR images or decoded credentials into networked chats or services; and (5) if you need stronger assurance, run the scripts locally on an isolated device or inspect the pip packages' provenance before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dt7ct6hrr0np89wan1kbfen819240

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

QR Password

License

Comments