← Back to Skills Marketplace
Scanblitz
by
whotookmylogin
· GitHub ↗
· v1.0.0
· MIT-0
51
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install scanblitz
Description
Create dynamic, trackable QR codes and inspect scan analytics with the ScanBlitz API. Use when a user wants QR codes whose destinations can change later, QR...
README (SKILL.md)
ScanBlitz — Dynamic QR Codes and Scan Analytics
ScanBlitz creates dynamic QR codes and short links that track scans. Use it when an agent needs to create a QR code, update the destination later, or check scan analytics such as device, country, referrer, and daily trends.
When to Use
Use this skill when the user asks to:
- Create a QR code for a URL and track scans.
- Make a dynamic QR code whose destination can be changed later.
- Create QR links for campaigns, flyers, packages, events, or landing pages.
- Check how many times a QR code was scanned.
- Pull scan analytics by device, country, city, referrer, or date.
- Update, deactivate, or delete an existing ScanBlitz QR code.
- Generate QR codes programmatically from an agent or automation.
Do not use this skill for:
- Static QR images that do not need tracking or redirect updates.
- Reading or decoding QR codes from images.
- Barcode generation.
- Anything that should avoid third-party network calls.
Setup
Option A: Use an existing ScanBlitz API key
Set the key in OpenClaw's environment file:
mkdir -p ~/.openclaw
printf '\
SCANBLITZ_API_KEY=%s\
' 'sb_api_your_key_here' >> ~/.openclaw/.env
If your installation uses a custom state directory, put it in $OPENCLAW_STATE_DIR/.env instead.
Option B: Self-register by email
Agents can request a verification code and receive an API key without a browser.
curl -s -X POST 'https://kylpeyhiqtdonlqqguty.supabase.co/functions/v1/agent-register' \
-H 'Content-Type: application/json' \
-d '{"email":"[email protected]","agent_name":"OpenClaw Agent"}'
Check that inbox for the 6-digit code, then verify:
curl -s -X POST 'https://kylpeyhiqtdonlqqguty.supabase.co/functions/v1/agent-register/verify' \
-H 'Content-Type: application/json' \
-d '{"email":"[email protected]","code":"123456"}'
Save the returned api_key as SCANBLITZ_API_KEY. The key is only shown once.
Optional MCP server
ScanBlitz also provides an MCP server:
{
"mcpServers": {
"scanblitz": {
"command": "npx",
"args": ["-y", "@scanblitz/mcp-server"],
"env": { "SCANBLITZ_API_KEY": "sb_api_..." }
}
}
}
Auth and Base URLs
Recommended API keys use the sb_api_ prefix and the public enterprise API:
SCANBLITZ_API_BASE="${SCANBLITZ_API_BASE:-https://scanblitz.com/api/enterprise}"
AUTH_HEADER="Authorization: Bearer $SCANBLITZ_API_KEY"
Older partner keys may start with sbz_partner_. If you have one, use the partner API and X-Partner-Key header:
SCANBLITZ_API_BASE="https://kylpeyhiqtdonlqqguty.supabase.co/functions/v1/partner-api"
AUTH_HEADER="X-Partner-Key: $SCANBLITZ_API_KEY"
Always include a source header so traffic is classified correctly:
SOURCE_HEADER="X-Source-Type: agent"
Create a Dynamic QR Code
curl -s -X POST "$SCANBLITZ_API_BASE/qr-codes" \
-H "Content-Type: application/json" \
-H "$AUTH_HEADER" \
-H "$SOURCE_HEADER" \
-d '{
"name": "Product Launch",
"destination_url": "https://example.com/launch"
}'
Expected response shape:
{
"success": true,
"data": {
"id": "uuid",
"short_id": "xK7mQ3",
"name": "Product Launch",
"destination_url": "https://example.com/launch",
"scan_count": 0,
"is_active": true
}
}
Save both:
id: needed for enterprise API update/delete/analytics endpoints.short_id: useful for public redirect links likehttps://scanblitz.com/qr/xK7mQ3.
If using the older partner API, create with the base URL directly:
curl -s -X POST "$SCANBLITZ_API_BASE" \
-H "Content-Type: application/json" \
-H "$AUTH_HEADER" \
-H "$SOURCE_HEADER" \
-d '{
"name": "Product Launch",
"destination_url": "https://example.com/launch",
"partner_ref": "openclaw:product-launch"
}'
List QR Codes
curl -s "$SCANBLITZ_API_BASE/qr-codes?page=1&limit=50&sort_by=created_at&sort_order=desc" \
-H "$AUTH_HEADER" \
-H "$SOURCE_HEADER"
Useful filters:
search=launchactive=truesort_by=scan_countsort_order=desc
Get One QR Code
Enterprise API:
QR_ID="uuid-from-create-or-list"
curl -s "$SCANBLITZ_API_BASE/qr-codes/$QR_ID" \
-H "$AUTH_HEADER" \
-H "$SOURCE_HEADER"
Older partner API:
SHORT_ID="xK7mQ3"
curl -s "$SCANBLITZ_API_BASE/$SHORT_ID" \
-H "$AUTH_HEADER" \
-H "$SOURCE_HEADER"
Update a QR Destination
Enterprise API:
QR_ID="uuid-from-create-or-list"
curl -s -X PUT "$SCANBLITZ_API_BASE/qr-codes/$QR_ID" \
-H "Content-Type: application/json" \
-H "$AUTH_HEADER" \
-H "$SOURCE_HEADER" \
-d '{
"destination_url": "https://example.com/new-page",
"name": "Updated Launch QR"
}'
Older partner API:
SHORT_ID="xK7mQ3"
curl -s -X PUT "$SCANBLITZ_API_BASE/$SHORT_ID" \
-H "Content-Type: application/json" \
-H "$AUTH_HEADER" \
-H "$SOURCE_HEADER" \
-d '{
"destination_url": "https://example.com/new-page",
"name": "Updated Launch QR"
}'
Get Scan Analytics
Enterprise API:
QR_ID="uuid-from-create-or-list"
curl -s "$SCANBLITZ_API_BASE/qr-codes/$QR_ID/analytics?group_by=day" \
-H "$AUTH_HEADER" \
-H "$SOURCE_HEADER"
Older partner API:
SHORT_ID="xK7mQ3"
curl -s "$SCANBLITZ_API_BASE/analytics/$SHORT_ID" \
-H "$AUTH_HEADER" \
-H "$SOURCE_HEADER"
Analytics may include:
- total scans
- device type
- browser and OS
- country and city
- referrer
- UTM parameters
- daily, weekly, or monthly trends
Delete or Deactivate
Enterprise API permanently deletes the QR code:
QR_ID="uuid-from-create-or-list"
curl -s -X DELETE "$SCANBLITZ_API_BASE/qr-codes/$QR_ID" \
-H "$AUTH_HEADER" \
-H "$SOURCE_HEADER"
If you only want to pause a QR code, update it instead:
curl -s -X PUT "$SCANBLITZ_API_BASE/qr-codes/$QR_ID" \
-H "Content-Type: application/json" \
-H "$AUTH_HEADER" \
-H "$SOURCE_HEADER" \
-d '{"is_active": false}'
Older partner API soft-deletes/deactivates by short ID:
SHORT_ID="xK7mQ3"
curl -s -X DELETE "$SCANBLITZ_API_BASE/$SHORT_ID" \
-H "$AUTH_HEADER" \
-H "$SOURCE_HEADER"
Bulk Create
Bulk create is available on paid plans.
curl -s -X POST "$SCANBLITZ_API_BASE/qr-codes/bulk" \
-H "Content-Type: application/json" \
-H "$AUTH_HEADER" \
-H "$SOURCE_HEADER" \
-d '{
"qr_codes": [
{"name":"Store #1","destination_url":"https://example.com/store/1"},
{"name":"Store #2","destination_url":"https://example.com/store/2"}
]
}'
Health Check
For older partner API keys:
curl -s 'https://kylpeyhiqtdonlqqguty.supabase.co/functions/v1/partner-api/health' \
-H "X-Partner-Key: $SCANBLITZ_API_KEY" \
-H "$SOURCE_HEADER"
For enterprise keys, use a lightweight authenticated call:
curl -s "$SCANBLITZ_API_BASE/usage" \
-H "$AUTH_HEADER" \
-H "$SOURCE_HEADER"
Generate a Printable QR Image
ScanBlitz creates the trackable link. To render a PNG, encode the ScanBlitz scan URL, not the final destination URL.
SCAN_URL="https://scanblitz.com/qr/xK7mQ3"
ENCODED=$(python3 - \x3C\x3C'PY'
from urllib.parse import quote
import os
print(quote(os.environ["SCAN_URL"], safe=""))
PY
)
curl -fsSL "https://api.qrserver.com/v1/create-qr-code/?size=1024x1024&ecc=H&format=png&data=$ENCODED" \
-o scanblitz-qr.png
If you do not have Python available, paste the SCAN_URL into any trusted QR generator.
Response Handling
Always check for both HTTP errors and JSON errors:
response=$(curl -sS -w '\
%{http_code}' -X POST "$SCANBLITZ_API_BASE/qr-codes" \
-H "Content-Type: application/json" \
-H "$AUTH_HEADER" \
-H "$SOURCE_HEADER" \
-d '{"name":"Test","destination_url":"https://example.com"}')
body=$(printf '%s' "$response" | sed '$d')
status=$(printf '%s' "$response" | tail -n1)
printf 'HTTP %s\
%s\
' "$status" "$body"
Common issues:
401: missing or invalidSCANBLITZ_API_KEY.403: key lacks permission for that operation.404: wrong QRid/short_id, wrong base URL for the key type, or inactive/deleted code.429: rate limit exceeded.
Quick Reference
| Task | Enterprise endpoint | Partner endpoint |
|---|---|---|
| Create | POST /qr-codes |
POST / |
| List | GET /qr-codes |
Not available |
| Get | GET /qr-codes/:id |
GET /:short_id |
| Update | PUT /qr-codes/:id |
PUT /:short_id |
| Analytics | GET /qr-codes/:id/analytics |
GET /analytics/:short_id |
| Delete/deactivate | DELETE /qr-codes/:id or PUT is_active:false |
DELETE /:short_id |
| Usage/health | GET /usage |
GET /health |
Security Notes
- Never print or commit
SCANBLITZ_API_KEY. - Store credentials in environment files, shell secrets, or OpenClaw state, not in the skill folder.
- Do not create QR codes that hide malicious destinations.
- Inspect the returned
destination_urlbefore sharing or printing a QR code. - Prefer
https://scanblitz.com/qr/\x3Cshort_id>for public-facing links when available.
References
- ScanBlitz: https://scanblitz.com
- API docs: https://scanblitz.com/api-docs
- Agent reference: https://scanblitz.com/llms-full.txt
- MCP server:
npx -y @scanblitz/mcp-server
Usage Guidance
This skill looks coherent for managing ScanBlitz dynamic QR codes. Before installing, make sure you trust ScanBlitz, protect the SCANBLITZ_API_KEY, confirm any update/delete operation on live QR codes, and avoid the optional MCP/npx setup unless you specifically need it and trust the package.
Capability Analysis
Type: OpenClaw Skill
Name: scanblitz
Version: 1.0.0
The ScanBlitz skill provides legitimate functionality for managing dynamic QR codes and tracking analytics via the ScanBlitz API. It includes standard API interaction patterns using curl and a documented self-registration flow via a Supabase-hosted function. No indicators of data exfiltration, unauthorized execution, or malicious prompt injection were found in SKILL.md or _meta.json.
Capability Tags
Capability Assessment
Purpose & Capability
The visible instructions match the stated purpose: creating dynamic QR codes, updating destinations, and viewing scan analytics. These capabilities are expected, but they can affect live campaigns and collect QR scan analytics.
Instruction Scope
The commands are presented as user-directed examples and there is no evidence of hidden automatic execution. Because the skill includes update, deactivate, and delete operations, users should confirm the QR ID and destination URL before mutations.
Install Mechanism
This is mainly an instruction-only skill requiring curl. The optional MCP setup uses npx with an unpinned npm package, so enabling that path adds supply-chain trust in the npm package.
Credentials
The ScanBlitz API key and external API calls are proportionate to the stated QR-code service purpose. The optional API base override should only be pointed at trusted ScanBlitz-controlled endpoints because the auth header is sent there.
Persistence & Privilege
Setup stores the API key in the OpenClaw environment file. No hidden background persistence is shown, but the key remains valid until removed or revoked.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install scanblitz - After installation, invoke the skill by name or use
/scanblitz - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial marketplace release: dynamic QR creation, analytics, updates, deletion, and agent registration workflow.
Metadata
Frequently Asked Questions
What is Scanblitz?
Create dynamic, trackable QR codes and inspect scan analytics with the ScanBlitz API. Use when a user wants QR codes whose destinations can change later, QR... It is an AI Agent Skill for Claude Code / OpenClaw, with 51 downloads so far.
How do I install Scanblitz?
Run "/install scanblitz" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Scanblitz free?
Yes, Scanblitz is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Scanblitz support?
Scanblitz is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Scanblitz?
It is built and maintained by whotookmylogin (@whotookmylogin); the current version is v1.0.0.
More Skills