VietQR
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: vietqr Version: 1.0.0 The vietqr skill bundle is a legitimate utility for generating VietQR payment URLs. The Python script (scripts/vietqr.py) performs input validation and normalization for bank accounts and amounts (including Vietnamese shorthand) using standard libraries, and the SKILL.md instructions correctly guide the agent to use the script for its intended purpose without any signs of malicious intent or prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The VietQR image service, and any system that automatically renders the markdown image, may receive the bank/account details, amount, transfer note, and account holder name included in the URL.
The generated QR image URL is hosted by an external provider and may include payment metadata in query parameters when the URL or markdown image is loaded.
BASE_URL = "https://img.vietqr.io/image" ... params["amount"] = ... params["addInfo"] = note.strip() ... params["accountName"] = account_name.strip()
Use this only for payment details you intend to share via VietQR, avoid putting unrelated sensitive information in the transfer note, and prefer a raw URL over an auto-rendered markdown image when you want more control.