My QR Code Generation Skill

Security checks across malware telemetry and agentic risk

Overview

This QR-code skill appears to generate images as advertised, but loading it can automatically run unpinned pip installs and alter the Python environment without clear user approval.

Review before installing. The QR functionality is coherent, but this skill should ideally declare qrcode and Pillow as install-time dependencies instead of running pip automatically. Avoid saving QR codes containing passwords, private URLs, or personal data in shared or synced folders, and specify a safe output path to avoid accidental overwrites.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
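__import__(package)  # Check whether the library is already installed
        except ImportError:
            # Automatically install the missing library
            subprocess.check_call([sys.executable, "-m", "pip", "install", package])

# Initialization: install dependency libraries
install_dependencies()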
Confidence
93% confidence
Finding
subprocess.check_call([sys.executable, "-m", "pip", "install", package])

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
QR-code generation does not require the capability to modify the host Python environment at runtime, so bundling automatic package installation is unnecessary and risky. This behavior introduces unexpected network access and package execution into a simple content-generation skill, making the skill materially more dangerous than its stated purpose suggests.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill states that generated QR codes are saved to a default desktop path, but it does not clearly warn that this creates a local file containing potentially sensitive data such as WiFi credentials, phone numbers, or private URLs. This can expose secrets to other local users, backups, sync tools, or cause accidental overwrite if a fixed filename like qr_code.png is reused.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Executing pip installation automatically when the module is imported is dangerous because merely loading the skill triggers system modification without warning or consent. In an agent or shared runtime context, this can violate least privilege, alter the environment unexpectedly, and expose the host to supply-chain and package-execution risks.

VirusTotal

64/64 vendors flagged this skill as clean.
