qrcode-scan

v1.0.0

QR code scanning and generation. Invoke when user needs to scan/decode QR codes from images, generate QR codes (text, URL, WiFi), or mentions QR code related...

⭐ 1· 153·0 current·0 all-time

by末心@moxin1044

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description, SKILL.md, and scripts/main.py are consistent: the skill depends on qrcode, Pillow, and pyzbar and uses urllib to fetch remote images. All requested functionality (file/URL/base64 input, QR generation including WiFi payloads) is supported by the code and justified by the description.

ℹ

Instruction Scope

SKILL.md limits actions to scanning/generating QR images and shows CLI/Python API usage. It explicitly allows reading local files, base64 blobs, and fetching images from URLs. These are necessary for the feature, but fetching arbitrary URLs introduces an expected network risk (the skill will perform HTTP GETs to any provided URL) and scanning arbitrary local file paths means the skill will read files the user points it at. The instructions do not attempt to read unrelated environment variables or system configs.

✓

Install Mechanism

There is no automated install spec in registry metadata; SKILL.md recommends 'pip install qrcode pillow pyzbar'. This is a normal, traceable install path. Note: pyzbar may require system libraries (zbar) or platform-specific prerequisites (e.g., Visual C++ on Windows) documented in pyzbar's README.

✓

Credentials

The skill requires no environment variables, credentials, or config paths. No secrets are requested or accessed by the code.

✓

Persistence & Privilege

The skill is not marked always:true and does not modify other skills or system-wide settings. It has no special persistence or elevated privileges.

Assessment

This skill appears internally consistent for QR scanning and generation. Before installing or running it: (1) review and run the code in a controlled environment (virtualenv) and inspect dependencies from PyPI; (2) be cautious when providing URLs — the skill will fetch any URL you pass (risk of contacting internal services/SSRF if run in a networked environment); (3) avoid scanning sensitive local images unless you trust the runtime environment, since the tool reads files you point at; (4) note pyzbar may need system libraries (install instructions are in its docs); (5) if you don't want the agent to autonomously fetch URLs, consider restricting autonomous invocation or validating inputs prior to use.

Like a lobster shell, security has layers — review code before you run it.

latestvk9798914zdx93ynzw65fcn89hd83amjr

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

qrcode-scan

License

Comments