ClawHub

Qrcode Skill

v0.1.0

QR code generation and decoding skill. Use when: generating QR codes from text/URLs, decoding/reading/parsing QR codes from images, creating scannable QR cod...

0· 211·1 current·1 all-time
byMarc Chen@marc-chen
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (generate and decode QR codes) matches the runtime instructions and the referenced MCP tools (generate_qr_code, decode_qr_code). The skill only requires configuring an MCP server URL and does not request unrelated binaries, environment variables, or config paths.
Instruction Scope
Instructions are narrowly scoped to QR operations: asking for text/URL input, accepting an image via file path/base64/paste, reading a workspace file to convert to base64, calling the remote MCP tools, and optionally writing a PNG file. These file reads/writes and the network calls are expected for the stated purpose, but they do transmit user-provided text/images to the external MCP endpoint (https://qrcode.api4claw.com/mcp), so user data will leave the local environment.
Install Mechanism
Instruction-only skill with no install spec and no code files — minimal local footprint and no packages or downloads. This is the lowest-risk installation pattern.
Credentials
The skill declares no required environment variables, credentials, or config paths. It does require the agent be configured with an MCP server entry (a URL), which is proportionate to the described remote-service design.
Persistence & Privilege
always:false and no special privileges requested. The skill does not modify other skills or system-wide settings and does not request permanent elevated presence.
Assessment
This skill delegates QR generation/decoding to a remote service (https://qrcode.api4claw.com/mcp) and will send whatever text or image you provide to that endpoint. Before using it: (1) confirm you trust that domain/operator, (2) avoid sending secrets or sensitive images (passwords, private QR codes, PII), (3) if you need offline or more private processing, use a local tool (e.g., qrencode/qrcode libraries or zxing) instead, and (4) review or validate the MCP server URL in your agent configuration to ensure it points to the intended service.

Like a lobster shell, security has layers — review code before you run it.

latestvk975j3vj5v33q5272mq30gf3as82rde6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments