ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

QR Code Generator

v1.0.0

Generate QR codes for text, URLs, WiFi connections, and business cards (vCard). Use when: (1) creating QR codes for websites or text, (2) generating WiFi con...

0· 437·0 current·0 all-time
by@ouyangabel
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe QR code generation and the included script implements text, WiFi, and vCard QR generation only. Required tools (Python qrcode and PIL) are appropriate and proportional to the stated purpose.
Instruction Scope
SKILL.md instructs local generation and saving of PNG files and the script only reads command-line args and writes image files. There are no instructions to read unrelated files, access credentials, or call external endpoints.
Install Mechanism
There is no automated install spec (instruction-only), but SKILL.md asks the user to run `pip3 install qrcode[pil]` (or apt). This is expected for a Python script; installing from PyPI is normal but carries the usual supply-chain risk of third-party packages.
Credentials
The skill requests no environment variables, no credentials, and the script does not access environment secrets or configuration files. All inputs come from CLI arguments.
Persistence & Privilege
always is false and the skill does not modify other skills or system-wide configuration. It does not persist secrets or register itself persistently.
Assessment
This skill appears coherent and limited to generating QR PNGs locally. Before installing or running: (1) be aware you will be asked to install the qrcode/Pillow package from PyPI (standard but subject to normal supply-chain risks) — consider reviewing the package or using a virtualenv; (2) generated WiFi QR codes embed plaintext SSIDs/passwords — avoid creating/sharing QR codes that expose sensitive network credentials; (3) the script saves to disk (defaults to ~/qrcode_output.png) and may overwrite files if you reuse the same path; (4) if you need higher assurance, inspect the included scripts (already provided) and run them in an isolated environment. Overall the skill is internally consistent and does what it claims.

Like a lobster shell, security has layers — review code before you run it.

generatorvk971qa4eyxymc2z9sd2zz2n9ms81rewflatestvk971qa4eyxymc2z9sd2zz2n9ms81rewfqrvk971qa4eyxymc2z9sd2zz2n9ms81rewfqrcodevk971qa4eyxymc2z9sd2zz2n9ms81rewftoolsvk971qa4eyxymc2z9sd2zz2n9ms81rewfvcardvk971qa4eyxymc2z9sd2zz2n9ms81rewfwifivk971qa4eyxymc2z9sd2zz2n9ms81rewf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments