ClawHub
Back to skill
v1.0.0

Near Qr Skill

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:37 AM.

Analysis

The skill appears to do what it claims: generate and read NEAR QR codes without requesting credentials, network access, or hidden persistence.

GuidanceThis skill looks safe for its stated purpose. Before installing, use a trusted Python environment, review the dependency versions if reproducibility matters, choose output paths carefully, and verify any generated payment QR code recipient and amount before sharing or scanning it.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
requirements.txt
qrcode[pil]>=7.4
Pillow>=10.0
pyzbar>=0.1.9

The skill relies on external Python packages with lower-bound version ranges rather than pinned exact versions. This is expected for the QR-code purpose, but dependency versions may vary between installations.

User impactInstalling the skill may pull newer package versions from the Python package index, which can affect reproducibility or inherit future dependency issues.
RecommendationInstall in a virtual environment and, for higher assurance, pin and review dependency versions before use.
Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
near_qr.py
output_path = output or f"{account.replace('.', '_')}_qr.png"
img.save(output_path)

Generated QR images are saved to default or user-provided paths. This is central to the skill's purpose, but the code does not show overwrite protection or path restrictions.

User impactA poorly chosen output path could overwrite an existing file or place a QR image somewhere unintended.
RecommendationUse explicit, safe output paths and verify the destination before generating QR files.