Security audit

Qrcodemaker

Security checks across malware telemetry and agentic risk

Overview

This skill is a local QR-code generator and decoder with some documentation gaps around dependencies and sensitive QR contents, but no evidence of hidden, destructive, networked, or persistent behavior.

Before installing, note that QR codes can contain sensitive information. Treat WiFi QR images as credentials, avoid putting real passwords directly in shell commands where possible, and do not open decoded QR links blindly. If you need decoding, install and review the missing optional pyzbar dependency in addition to opencv-python.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Tp4

High

Category: MCP Tool Poisoning
Confidence: 83% confidence
Finding: The documented behavior does not fully match the skill’s actual capabilities and dependencies, which can mislead users and operators about what the skill installs and does. Undisclosed decoding dependencies and undocumented output options reduce transparency and can bypass review or deployment expectations, especially where dependency allowlists or capability review matter.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The README includes WIFI QR generation examples with plaintext passwords directly on the command line and does not warn that these values may be exposed through shell history, process listings, screenshots, logs, or the generated QR image itself. In this skill’s context, that increases the chance users will unintentionally disclose real wireless credentials while following the documentation.

Vague Triggers

Medium

Confidence: 81% confidence
Finding: The trigger phrases are broad enough to match common conversational requests, increasing the chance the skill activates when the user did not explicitly intend to invoke it. Unintended activation is risky here because the skill can process uploaded images and generate QR payloads containing sensitive content like WiFi credentials or contact data.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill handles sensitive payload types such as WiFi credentials and vCard contact information but provides no warning about privacy, persistence, or safe sharing. Users may unknowingly encode secrets into easily shareable images, creating accidental disclosure risk rather than a code-execution issue.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal