Skill v1.0.0
ClawScan security
QR Code Generator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 25, 2026, 6:45 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's purpose and requirements mostly match (Python + qrcode library), but the runtime instructions include an unsanitized python -c one-liner and on-demand pip installs, which introduce avoidable risks and make the skill slightly suspicious without clearer safety controls or provenance.
- Guidance: This skill appears to do what it says (generate QR codes), but exercise caution before installing or using it:
  - 1) The SKILL.md suggests running a python -c one-liner that embeds user text directly. Ensure the agent escapes or sanitizes input (or use a safer approach, such as writing the text to a temporary file and passing the filename to Python) to avoid code injection.
  - 2) The skill will attempt pip install qrcode[pil] at runtime if the library is missing. Verify package provenance and, where possible, pre-install dependencies in a controlled environment to avoid unexpected downloads.
  - 3) The README references a ClawHub/GitHub install, but the published source/homepage are unknown; prefer skills with verifiable source.
  - 4) Be mindful that output files are written to the agent's working directory, and avoid submitting sensitive secrets (e.g., Wi‑Fi passwords) unless you trust the environment.
  - If you want higher assurance, ask for the skill's source repository or a packaged release (so you can review code and dependency requirements) and request that the one-liner be replaced with a safer implementation that properly escapes input.
Review Dimensions
- Purpose & Capability (ok): Name/description (generate QR codes) align with the declared requirements: python3 and the qrcode[pil] library. No unrelated binaries, env vars, or config paths are requested.
- Instruction Scope (concern): The SKILL.md instructs the agent to execute a python one-liner that directly embeds user text: python3 -c "... img.add_data('USER_TEXT_HERE') ...". If the agent substitutes user input into that literal without proper escaping, this enables code/command injection or runtime errors for inputs containing quotes/newlines. The instructions also tell the agent to run pip install qrcode[pil] at runtime if it is missing, which downloads and executes third-party code. Neither of these behaviors is inherently required for QR generation, and both are risky without safeguards (escaping, using files/stdin, preinstalling dependencies, or verifying package provenance).
- Install Mechanism (note): There is no install spec (instruction-only), which is low-risk. However, the runtime behavior relies on pip to fetch qrcode[pil] if absent; on-demand pip installs pull external packages and can introduce supply-chain risk. The README references an install via ClawHub/GitHub, but the skill's source/homepage are unknown.
- Credentials (ok): The skill requests no environment variables, credentials, or config paths, which is appropriate for a local QR generator. The README mentions Wi‑Fi credentials as example input (user-provided content); that is a data-sensitivity concern for the user but not an environment/credential request by the skill.
- Persistence & Privilege (ok): The always flag is false, and the skill does not request persistent presence or modify other skills or system-wide settings. It writes output files to the current working directory, which is expected for this function.
