Skill v1.1.1
ClawScan security
Generate Qrcode · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 26, 2026, 6:27 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code is a simple, coherent QR-code generator and matches its description, but the skill is marked always:true (force-included) which is a disproportionate privilege for this utility.
- Guidance: The included Python script is small and appears to only create QR-code PNGs — it looks functionally benign. However, the skill is configured with always:true, meaning it will be force-loaded into every agent session (a higher privilege than this utility needs). Before installing, consider: (1) remove or disable the always:true flag so it runs only when you invoke it; (2) verify the qrcode package you install comes from PyPI and is up-to-date; (3) be aware the script will write files to any output path you supply (don't pass sensitive system paths); and (4) because the owner and homepage are unknown, treat it as untrusted code: inspect it locally and, if possible, run it in a restricted environment or container.
Review Dimensions
- Purpose & Capability: ok. The name/description state 'Generate QR codes' and the included agent.py implements exactly that using the qrcode library. No unrelated binaries, env vars, or services are requested.
- Instruction Scope: ok. SKILL.md instructs the agent to run the bundled Python script and nothing else; the instructions don't request reading other files, credentials, or sending data to external endpoints. The script only accepts input text/URL and writes a PNG to a user-specified path.
- Install Mechanism: ok. There is no install spec and only a small Python script is included — low-risk. The only runtime dependency is the qrcode Python package which must be pre-installed; there are no external downloads or extract steps.
- Credentials: ok. The skill declares no required environment variables, no credentials, and the code does not read environment variables or configuration files. Requested privileges are minimal and proportional to a QR generator.
- Persistence & Privilege: concern. The skill is marked always:true in metadata. That forces the skill to be included in every agent run and increases its blast radius beyond what a simple QR generator needs. This is an unnecessary privilege and should be justified or removed.
