← Back to Skills Marketplace
whubbt

Generate Qrcode

by whubbt · GitHub ↗ · v1.1.1
cross-platform ⚠ suspicious
504
Downloads
0
Stars
2
Active Installs
7
Versions
Install in OpenClaw
/install qrcode-gen-yn
Description
Generate QR codes from URLs or text using a pre-built Python script with qrcode library
Usage Guidance
The included Python script is small and appears to only create QR-code PNGs — it looks functionally benign. However, the skill is configured with always:true, meaning it will be force-loaded into every agent session (a higher privilege than this utility needs). Before installing, consider: (1) remove or disable the always:true flag so it runs only when you invoke it; (2) verify the qrcode package you install comes from PyPI and is up-to-date; (3) be aware the script will write files to any output path you supply (don't pass sensitive system paths); and (4) because the owner and homepage are unknown, treat it as untrusted code: inspect it locally and, if possible, run it in a restricted environment or container.
Capability Analysis
Type: OpenClaw Skill Name: qrcode-gen-yn Version: 1.1.1 The skill bundle's `agent.py` script is designed to generate QR codes and save them to a user-specified path. However, it exhibits a path traversal vulnerability as it directly uses the `output_file` argument for `img.save()` and `os.makedirs()` without proper sanitization. This allows an attacker to write files to arbitrary locations on the filesystem (e.g., `../../../../tmp/malicious.png`), which could lead to unauthorized file modification or creation outside the intended skill directory. While not explicitly malicious in intent, this vulnerability poses a significant security risk.
Capability Assessment
Purpose & Capability
The name/description state 'Generate QR codes' and the included agent.py implements exactly that using the qrcode library. No unrelated binaries, env vars, or services are requested.
Instruction Scope
SKILL.md instructs the agent to run the bundled Python script and nothing else; the instructions don't request reading other files, credentials, or sending data to external endpoints. The script only accepts input text/URL and writes a PNG to a user-specified path.
Install Mechanism
There is no install spec and only a small Python script is included — low-risk. The only runtime dependency is the qrcode Python package which must be pre-installed; there are no external downloads or extract steps.
Credentials
The skill declares no required environment variables, no credentials, and the code does not read environment variables or configuration files. Requested privileges are minimal and proportional to a QR generator.
Persistence & Privilege
The skill is marked always:true in metadata. That forces the skill to be included in every agent run and increases its blast radius beyond what a simple QR generator needs. This is an unnecessary privilege and should be justified or removed.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install qrcode-gen-yn
  3. After installation, invoke the skill by name or use /qrcode-gen-yn
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.1
Updated version
v1.1.0
Major update: Improved documentation and metadata
v1.0.4
Updated structure
v1.0.3
Final version with cleaned up metadata and structure
v1.0.2
Updated documentation and improved metadata
v1.0.1
Updated documentation and improved metadata
v1.0.0
- Initial release of QR Code Generator skill. - Strictly enforces use of the provided Python script for QR code generation. - Clear instructions and examples to ensure proper command usage. - Explicitly prohibits writing custom QR code code or using alternative methods.
Metadata
Slug qrcode-gen-yn
Version 1.1.1
License
All-time Installs 2
Active Installs 2
Total Versions 7
Frequently Asked Questions

What is Generate Qrcode?

Generate QR codes from URLs or text using a pre-built Python script with qrcode library. It is an AI Agent Skill for Claude Code / OpenClaw, with 504 downloads so far.

How do I install Generate Qrcode?

Run "/install qrcode-gen-yn" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Generate Qrcode free?

Yes, Generate Qrcode is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Generate Qrcode support?

Generate Qrcode is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Generate Qrcode?

It is built and maintained by whubbt (@whubbt); the current version is v1.1.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments