QR Code Generator
PassAudited by ClawScan on May 10, 2026.
Overview
This is a straightforward local QR-code generator with no evidence of hidden data access, exfiltration, persistence, or account permissions.
This skill appears safe for normal local QR-code generation. Install dependencies in a controlled Python environment if possible, keep output paths inside your workspace, and remember that QR images can reveal whatever text or Wi-Fi credentials you encode.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent will run local Python code to create the QR image.
The skill explicitly asks the agent to run a local Python command. That is expected for a Python-based QR generator and is described as user-requested rather than hidden or automatic.
When the user requests a QR code, execute a Python one-liner to perform the generation.
Use it in a normal workspace or virtual environment, and review generated commands if the QR text or output path is unusual.
The Python environment may be changed by installing qrcode and Pillow-related dependencies.
The skill may fetch and install an external, unpinned PyPI dependency at runtime. This is disclosed and purpose-aligned, but users should be aware of dependency provenance.
If `qrcode` is missing, the agent should first attempt `pip install qrcode[pil]`.
Prefer installing dependencies in a virtual environment and pin or review package versions if reproducibility or supply-chain control matters.
Poorly escaped QR text or filenames could break the command or save the output somewhere unintended.
The implementation template places user-provided QR text and a filename into a shell/Python one-liner. This is normal for the utility, but it needs safe escaping and path handling.
img.add_data('USER_TEXT_HERE'); ... .save('FILE_NAME.png')Ensure the agent quotes text safely, treats filenames as data rather than code, and saves only to user-approved workspace paths.