二维码生成器
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a local QR-code generator, with minor cautions about reading files you provide and installing Python dependencies.
This skill looks safe for normal QR-code generation. Before installing, be aware it uses Python packages and can read any path supplied as the image input; only encode files you are comfortable turning into a scannable QR image.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a private local file path is provided, its contents could be embedded into a QR code image that someone else could scan.
The skill reads the file path supplied in the image argument and encodes small files into QR data. This is aligned with the local-image QR feature, but the code does not verify that the path is actually an image.
image_path = args.get("image", "") ... with open(file_path, 'rb') as f: data = f.read()Only provide paths to files you intentionally want encoded, and avoid using sensitive local files as image inputs.
Installing dependencies can pull code from the configured package repository.
The skill depends on external Python packages with minimum-version bounds rather than exact pins. These dependencies are expected for QR-code and image handling, but they still rely on the user's Python package source.
qrcode[pil]>=7.4.2 Pillow>=10.0.0
Install in a trusted environment and consider pinning or reviewing dependency versions if using this in a sensitive workflow.