QR Code
Review
Audited by ClawScan on May 10, 2026.
Overview
The QR-code purpose is reasonable, but the skill tells users to install required functionality by piping an unpinned GitHub script directly into bash outside the reviewed package.
The QR-code features look purpose-aligned, but install carefully: the ClawHub package does not include the companion plugin code, and the recommended setup runs a GitHub script directly with bash. Inspect or pin that script before installing, and avoid using it in a sensitive environment unless you trust the source.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the recommended version could run code that changes the local OpenClaw environment, and that code can change on GitHub without being reviewed in this package.
The reviewed package has no install spec or code files, while the skill directs users to install required functionality by executing an unpinned remote script from GitHub.
**This skill requires the companion plugin to function!** ... `curl -s https://raw.githubusercontent.com/zouyawen/openclaw-qrcode/main/install.sh | bash`
Do not pipe the script directly into bash. Download and inspect it first, use a pinned release or commit hash, and prefer an installer with declared files, hashes, and dependencies.
The installer may add packages or alter the runtime environment before the skill can be used.
The setup flow runs an external shell script that automatically installs runtime dependencies; this is user-directed and related to QR functionality, but it executes code outside the instruction-only skill.
# Python dependencies (installed automatically by the script) ... qrcode[pil], pillow, numpy, pyzbar
Review the installer and dependency list before running it, and install in a controlled environment if possible.
