QR Password

Security checks across malware telemetry and agentic risk

Overview

This skill handles passwords, which are sensitive by design, but the reviewed evidence shows an offline, purpose-aligned QR transfer tool rather than hidden credential theft.

Install only if you specifically need offline QR-based credential transfer. Treat every generated QR image as the password itself: use it in a private setting, trust the receiving device, avoid screenshots or cloud-synced folders, clear the browser/form after use, and delete generated image files immediately after transfer.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Severity: Medium
Confidence: 93%
Finding:
The page claims credentials never leave the device, but the explicit purpose of the tool is to encode them into a QR code for capture by another device. That misleading assurance can cause users to underestimate exposure risks such as shoulder-surfing, camera retention, screenshots, browser caching, or compromise of the receiving device.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The README explicitly describes transferring usernames and passwords via QR codes between devices, but it does not warn that credentials will be visibly rendered on-screen and may be captured by nearby observers, screenshots, screen-recording software, or camera compromise. Because the skill is specifically designed to bridge credentials across trust boundaries, the missing disclosure and handling guidance increases the chance that sensitive secrets are exposed during normal use.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The tool renders plaintext credentials into a visible QR code and also retains the password in the form field, increasing the window for on-screen disclosure and local compromise. In this skill's context, the whole function is credential transfer, so residual display risk is especially relevant: anyone with line-of-sight, screenshots, browser autofill/history artifacts, or access to the unlocked device may recover secrets.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The script converts credentials into a QR payload and saves the resulting image to a predictable on-disk location, which creates local persistence of sensitive secrets. This increases exposure through other local users/processes, backups, temp-directory inspection, or later accidental disclosure, and the script provides no warning, consent prompt, or cleanup behavior.
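The two on-disk concerns above (a predictable save location and no cleanup) and the handling guidance in the overview have a straightforward mitigation. The block below is an added example and is not code from the QR Password skill: it takes already-rendered image bytes (the skill's own QR renderer is not shown on this page, so the renderer, for instance the third-party `qrcode` package, is assumed to be supplied by the caller), writes them into a fresh mode-0700 directory as a mode-0600 file, hands the path out only for the duration of the transfer, and then overwrites and deletes the file even if the caller raises. It also includes a small pre-flight check that flags cloud-synced folders, shared temp roots and group/other-readable parent directories. POSIX permissions are assumed; the sync-folder markers are an assumed list.

```python
# Added example, not code from the QR Password skill.
# Assumptions: POSIX file permissions; the QR renderer is supplied by the caller
# and only the resulting image bytes are handled here.
import os
import shutil
import stat
import tempfile
from contextlib import contextmanager
from pathlib import Path

# Path fragments that usually mean "synced off this device". Assumed list;
# extend it for the sync clients present in your environment.
SYNCED_DIR_MARKERS = ("dropbox", "onedrive", "google drive", "googledrive",
                      "icloud", "nextcloud", "box sync")


def _shared_temp_roots() -> set[str]:
    """World-writable temp roots where a fixed filename is visible to every local user."""
    roots = {"/tmp", "/var/tmp", tempfile.gettempdir()}
    return {os.path.realpath(r) for r in roots}


def location_risks(path: str) -> list[str]:
    """Reasons why saving a credential image at `path` exposes it (empty list = none found)."""
    target = Path(path).expanduser().resolve()
    parent = target.parent
    risks = []
    if any(m in str(target).lower() for m in SYNCED_DIR_MARKERS):
        risks.append("inside a cloud-synced folder; the image would leave the device")
    if str(parent) in _shared_temp_roots():
        risks.append("written directly into a shared temp dir visible to other local users")
    if parent.exists():
        mode = stat.S_IMODE(parent.stat().st_mode)
        if mode & 0o077:
            risks.append(f"parent dir mode {mode:04o} grants group/other access")
    return risks


def _wipe(path: str) -> None:
    """Best-effort overwrite before unlink. Caveat: on SSDs and on CoW/journaling
    filesystems the old blocks may survive; the short lifetime plus deletion is
    the real control, the overwrite only raises the bar against casual recovery."""
    try:
        size = os.path.getsize(path)
        with open(path, "r+b") as f:
            f.write(b"\0" * size)
            f.flush()
            os.fsync(f.fileno())
    except OSError:
        pass


@contextmanager
def transient_secret_image(image_bytes: bytes, suffix: str = ".png"):
    """Store the rendered QR image in a fresh 0700 directory as a 0600 file,
    yield its path for the duration of the transfer, then wipe and delete it
    even if the caller raises."""
    tmpdir = tempfile.mkdtemp(prefix="qrxfer-")  # mkdtemp creates the dir 0700
    path = os.path.join(tmpdir, "credential" + suffix)
    try:
        # O_EXCL: fail rather than follow a pre-planted file or symlink at this name.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as f:
            f.write(image_bytes)
        yield path
    finally:
        if os.path.exists(path):
            _wipe(path)
            os.unlink(path)
        shutil.rmtree(tmpdir, ignore_errors=True)


def is_private(path: str) -> bool:
    """True when neither the file nor its directory is accessible to group/other."""
    fmode = stat.S_IMODE(os.stat(path).st_mode)
    dmode = stat.S_IMODE(os.stat(os.path.dirname(path)).st_mode)
    return fmode & 0o077 == 0 and dmode & 0o077 == 0


def still_on_disk(path: str) -> bool:
    """Post-transfer check: the image must be gone once the context exits."""
    return os.path.exists(path)


if __name__ == "__main__":
    # Constructed placeholder bytes standing in for a rendered PNG.
    fake_png = b"\x89PNG\r\n\x1a\n" + b"constructed placeholder image bytes"
    for bad in ("~/Dropbox/qr.png", "/tmp/qr.png"):
        print(bad, "->", location_risks(bad))
    with transient_secret_image(fake_png) as img:
        print("show", img, "| private:", is_private(img), "| risks:", location_risks(img))
    print("deleted after transfer:", not still_on_disk(img))
```

The overwrite step is deliberately labelled best-effort; what actually removes the exposure window is keeping the file inside the `with` block, so the path stops existing the moment the transfer (or a failure) ends, and a second local user never sees a predictable name under a shared directory.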

VirusTotal

0 of 66 vendors flagged this skill; all 66 returned clean. Note that VirusTotal scans the packaged files against antivirus engines only, so a clean result does not address the design-level disclosure findings above.
