Back to skill
Skillv1.0.0
VirusTotal security
QR Code Generator · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:28 AM
- Hash
- d5ac1da85dfb327ff1ad79c725a552d5753a79cbed4629eb29538f3f4a15ca1d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: qr-code-gen Version: 1.0.0 The `qr-code-gen` skill bundle is classified as suspicious due to a local file write vulnerability. The `SKILL.md` documentation and the `scripts/qr-code.py` code explicitly allow users to specify an arbitrary `output_path` for saving generated QR code images. While this is a legitimate feature for a file-generating utility, it presents a risk: a malicious agent or user could instruct the skill to write to sensitive system locations (e.g., `/etc/cron.d/`, `~/.ssh/authorized_keys`), potentially leading to privilege escalation or persistence if the agent is not properly sandboxed or input is not sanitized. There is no evidence of intentional malicious behavior, data exfiltration, or remote execution within the provided files.
- External report
- View on VirusTotal