
Security audit

QR Bridge

Security checks across malware telemetry and agentic risk

Overview

QR Bridge is a coherent QR/link inspection skill, but users should know it may contact decoded QR links and install a Python dependency during setup.

Install only if you are comfortable with the agent reading local QR images and contacting decoded URLs to trace redirects. Avoid tracing sensitive login, payment, invitation, or one-time QR codes unless you intend to make that external request, and review setup.sh first if you do not want pip installing packages into your current Python environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Severity: Medium
Confidence: 93%
The skill instructs the agent to automatically fetch and inspect decoded URLs, which can disclose sensitive or private links to third-party services without an explicit user confirmation step. QR codes commonly embed personalized tracking links, auth-bearing URLs, or internal endpoints, so automatic network access can leak identifiers, trigger side effects, or access untrusted infrastructure unexpectedly.

Vague Triggers

Severity: Medium
Confidence: 94%
The blog post describes very broad natural-language triggers such as telling Claude Code to 'scan this QR code,' which can overlap with ordinary conversation and cause the skill to activate unexpectedly. In a skill context, over-broad activation can route unrelated user content into network-fetching and QR/URL inspection flows, increasing the chance of unintended external requests or confusing autonomous behavior.

Missing User Warnings

Severity: Medium
Confidence: 95%
The script automatically runs `pip3 install "qrcode[pil]"` when the module is missing, causing unprompted system modification during setup. This is dangerous because it introduces supply-chain risk, may install into the user's global Python environment, and performs network/package retrieval without explicit consent or version pinning.

VirusTotal

62/62 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.