Skill v1.0.0
VirusTotal security
QR Code Generator · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 29, 2026, 4:30 AM
- Hash: 8dd50cc390943bb6ea3db8eaa8f5de25dd5b823025106b029600f948d950ef92
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: qr-code-generator-skill. Version: 1.0.0. The skill's `SKILL.md` defines an execution template that uses `python3 -c` to generate QR codes. This template directly embeds user-provided text (`USER_TEXT_HERE`) and a filename (`FILE_NAME.png`) into a shell command. This design creates a significant shell injection vulnerability if the OpenClaw agent does not rigorously sanitize these inputs before execution, potentially allowing arbitrary code execution or file system manipulation. While not explicitly malicious, this is a critical security flaw.
