v1.0.0

Wifi Qr

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:18 AM.

Analysis

This skill has a narrow, disclosed purpose of making Wi-Fi QR codes, with no evidence of exfiltration or persistence, but the Wi-Fi password and unresolved helper command deserve care.

GuidanceBefore installing or using this skill, make sure qrencode comes from your trusted package manager and verify what the wifi-qr command refers to on your system. Treat the generated QR code as equivalent to the Wi-Fi password: share it only with intended people and avoid exposing it in terminal history or public files.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceMediumStatusNote

metadata

No code files present — this is an instruction-only skill; Required binaries (all must exist): qrencode

The provided artifacts declare only qrencode and include no implementation files, while the SKILL.md examples invoke a wifi-qr command. This is not malicious evidence, but users should verify what command is actually being run.

User impactIf a local wifi-qr command exists from another source, the user could accidentally run code outside the reviewed artifact set.

RecommendationConfirm the origin of any wifi-qr command before using it, or generate the QR directly with a trusted qrencode command.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityLowConfidenceHighStatusNote

SKILL.md

Generate a QR code for Wi-Fi credentials... wifi-qr "MyNetwork" "mypassword"

The skill is explicitly designed to handle a Wi-Fi password and encode it into a QR code; this is purpose-aligned but sensitive.

User impactAnyone who sees the generated QR code or exposed password could potentially join the Wi-Fi network.

RecommendationUse this only on trusted devices, do not share the QR code publicly, and avoid entering real Wi-Fi passwords in shared terminals or logs.