二维码生成器

Security checks across malware telemetry and agentic risk

Overview

This QR-code skill mostly does what it claims, but its image feature can read and encode arbitrary small local files despite being described as image-only and auto-compressed.

Review before installing. Use this only with files you intentionally want converted into a scannable QR code, and avoid passing paths to secrets, keys, configs, or private documents. The publisher should validate image files, actually resize or compress them, and clearly document that file contents may be embedded in the generated QR.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Tp4

High

Category: MCP Tool Poisoning
Confidence: 91% confidence
Finding: The skill description promises automatic compression of local images, but the implementation instead embeds the full local image as a base64 data URL in the QR payload. This can expose local file contents in a generated artifact and mislead users into believing large or sensitive images are being safely transformed rather than directly encoded, creating confidentiality and denial-of-service risk due to oversized payloads.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal