Skill v1.0.0

ClawScan security

qr-code-toolkit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 10, 2026, 5:02 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's files and runtime instructions are consistent with a local QR generation/reading tool: it uses standard CLI QR utilities, doesn't request credentials or network access, and its behavior matches the description.
Guidance
This skill appears coherent and limited to local QR operations, but before installing consider:
1) Ensure you want files written to the skill/workspace qrcodes directory (the script creates a qrcodes folder at the parent workspace level).
2) Install the documented dependencies (qrencode, zbar) from trusted package managers.
3) Review the script if you need stricter filesystem controls — it will read any input file you point it at (batch mode) and write PNGs; avoid passing untrusted input.
4) For extra safety, run the script in a sandboxed environment or container if you are cautious.
5) Be aware of cross-platform differences (md5sum may be missing on macOS).
If you want me to, I can highlight exact lines in the script to review or suggest a small hardening patch (e.g., restrict output path or sanitize filenames).

Review Dimensions

Purpose & Capability
ok: Name/description (generate/read QR codes) match the provided script and README. The script relies on qrencode for generation and zbarimg/zbar-tools for reading — these are the expected tools for the stated purpose.
Instruction Scope
note: Runtime instructions point to the included shell script and only perform local filesystem operations (generate files under a qrcodes directory and read user-supplied images). The script reads an input file for batch operations and writes output PNGs; it does not contact remote endpoints or read unrelated system secrets. Note: the script resolves QR_DIR by moving three levels up from the script directory, which places the qrcodes folder at a workspace/root level (intentional per SKILL.md), and batch mode uses md5sum for filenames (md5sum may not be present on all platforms).
Install Mechanism
ok: This is an instruction-only skill with no install spec; the README documents installing qrencode and zbar via package managers. No remote downloads or archive extraction are present in the skill bundle.
Credentials
ok: No environment variables or credentials are requested. The script does not access secrets or configuration outside of the user-supplied input files and the filesystem where it writes output.
Persistence & Privilege
ok: always is false and the skill is user-invocable. It does not modify other skills or system-wide agent settings and has no installation hooks that would grant persistent elevated privileges.