VietQR

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill appears to do what it claims—generate VietQR image URLs—but payment details may be visible to the external QR image service when the link or preview is loaded.

This is a simple, purpose-aligned VietQR URL generator. Before using it, remember that QR previews or opened links may send the included payment details to img.vietqr.io; do not include private or unrelated sensitive information in the payment note.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI07: Insecure Inter-Agent Communication
Low
What this means

The VietQR image service, and any system that automatically renders the markdown image, may receive the bank/account details, amount, transfer note, and account holder name included in the URL.

Why it was flagged

The generated QR image URL is hosted by an external provider and may include payment metadata in query parameters when the URL or markdown image is loaded.

Skill content

BASE_URL = "https://img.vietqr.io/image" ... params["amount"] = ... params["addInfo"] = note.strip() ... params["accountName"] = account_name.strip()

Recommendation

Use this only for payment details you intend to share via VietQR, avoid putting unrelated sensitive information in the transfer note, and prefer a raw URL over an auto-rendered markdown image when you want more control.