QR code generation skill

Pass

Audited by ClawScan on May 10, 2026.

Overview

The skill appears to locally generate QR-code image files as advertised, with only minor file-write and dependency considerations.

This looks safe for normal QR-code generation. Before using it, choose an output path you trust and make sure any required qrcode package installation comes from a trusted source.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill can create directories and save or overwrite an image file at the output path chosen for the QR code.

Why it was flagged

The script accepts command-line input and saves the generated image to the requested path, creating directories if needed. This is purpose-aligned, but it affects local files.

Skill content

data = sys.argv[1]
output_file = sys.argv[2] if len(sys.argv) > 2 else "qrcode.png"
...
os.makedirs(output_dir, exist_ok=True)
...
img.save(output_file)

Recommendation

Use a clear, safe output filename and avoid pointing the skill at sensitive or protected paths.

What this means

If the package is missing, the skill will fail and may require a separate package installation from a trusted source.

Why it was flagged

The runtime depends on the external qrcode package, but the provided artifacts do not include an install specification or pinned package version.

Skill content

import qrcode
...
print("Install with: pip install qrcode[pil]", file=sys.stderr)

Recommendation

Prefer a declared, pinned dependency in the skill install metadata, or manually install qrcode[pil] only from a trusted package source.