Generate Qrcode

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward QR-code generator that saves a PNG where the user or agent asks, with no evidence of hidden data access, exfiltration, or persistence.

Install only if you are comfortable running a local Python QR-code script. Use normal output locations such as Desktop or Downloads, and avoid paths that could overwrite important files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 97% confidence
Finding: The skill manifest sets `openclaw.always: true`, which causes the skill to be considered for activation without any narrowing trigger constraints. For a skill that can invoke a local Python script and write files to arbitrary output paths, this broad activation increases the chance of unintended invocation, unnecessary exposure of local capabilities, and accidental file creation or overwrite in unrelated contexts.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal