zouyawen

QR Code

Author: zouyawen · GitHub · v1.0.1
cross-platform ⚠ suspicious
Total downloads: 1009
Favorites: 2
Current installs: 2
Versions: 2
Install in OpenClaw
/install openclaw-qr-code
Description
Generate, decode, and beautify QR codes with customizable colors, logos, and formats. Works across all OpenClaw channels including WhatsApp.
Security usage recommendations
This skill appears to do what it says (QR generation/decoding), but the installation guidance asks you to run a remote install script piped to bash and to restart the OpenClaw gateway. Running unknown scripts is risky. Before installing:
  1. Inspect the GitHub repo and read install.sh (do not run it blind); verify the repo owner, commit history, and open-source license.
  2. Prefer installing dependencies via your system/package manager rather than a curl|bash pipeline.
  3. If you must run the script, verify a commit/tag and checksum, or run it inside a disposable VM or container.
  4. Confirm which directories the installer will modify (the SKILL.md uses both ~/.openclaw and ~/clawd) and back up any important data.
If you want, provide the install.sh contents or the GitHub repo URL and I can help review the script for suspicious actions.
Functional analysis
Type: OpenClaw Skill
Name: openclaw-qr-code
Version: 1.0.1
The skill is classified as suspicious due to the explicit instruction in SKILL.md to execute an external script via `curl -s <URL> | bash`. This creates a severe supply chain vulnerability, allowing arbitrary code execution on the OpenClaw agent's host if the GitHub repository or the `install.sh` script at `https://raw.githubusercontent.com/zouyawen/openclaw-qrcode/main/install.sh` is compromised. This instruction also represents a form of prompt injection, as the AI agent is directed to perform a high-risk action by fetching and executing untrusted code from an external source.
Capability assessment
Purpose & Capability
Name and description match the operations described (generate, decode, beautify). Requested Python packages (qrcode[pil], pillow, numpy, pyzbar) are consistent with QR generation/decoding. Minor inconsistencies: SKILL.md claims it leverages a built-in 'qr_code_operations' tool yet also requires a 'companion plugin' from GitHub for advanced features; file path conventions use both ~/.openclaw and ~/clawd which is inconsistent and could confuse installation or imply different workspace roots.
Instruction Scope
The SKILL.md explicitly instructs users to fetch and run a remote install script (curl -s https://raw.githubusercontent.com/.../install.sh | bash) and to restart the gateway. That action grants the remote script full execution on the machine. The instructions reference workspace file locations and ask users to place logos under a workspace directory (reasonable), and include validations (no '..'), but do not provide the install.sh contents or hashes to verify integrity. Basic install instructions also reference an unspecified 'skill.zip' from 'ClawHub' without a download URL.
Install Mechanism
There is no formal install spec in the registry, only prose recommending running a remote install script piped to bash from GitHub raw. While GitHub is a known host, piping remote scripts to a shell is high risk because the script could perform arbitrary changes, install additional packages, or run network calls. The SKILL.md claims the script will install Python packages automatically (allowed packages listed), but the script itself was not provided for review nor accompanied by a checksum or release tag to validate authenticity.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The requested Python packages are proportionate to QR generation/decoding. There is no evidence the skill asks for unrelated credentials or secrets.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. The install instructions suggest writing files into user directories (~/.openclaw, ~/clawd) and restarting the gateway — normal for a plugin — but this implies the installer script will modify local files/services, so users should verify what the script does before running it.
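How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install openclaw-qr-code
  3. After installation, invoke the Skill directly by name or trigger it with /openclaw-qr-code
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history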
v1.0.1
- Documentation revised for clarity, brevity, and improved usability.
- Quick Start instructions now highlight full-feature and basic installation paths, with emphasis on using the companion plugin.
- Feature lists consolidated and streamlined; advanced capabilities like rounded dots, gradients, and logo embedding clearly marked as available only via GitHub installation.
- Security features and input validation rules now more prominently documented.
- Usage examples reorganized with clear natural language and command-based formats.
- WhatsApp and channel compatibility instructions clarified, including automatic format conversion notes.
v1.0.0
Initial release of the openclaw-qr-code skill with advanced QR code features:
- Generate, decode, and beautify QR codes using natural language across all OpenClaw channels.
- Supports visual customization: rounded dots, gradient colors, and central logo integration with high error correction.
- Consistent experience and media handling for WhatsApp, Telegram, and WebChat.
- Includes security features: path restriction, input sanitization, and automatic file cleanup.
- Requires a companion plugin for enhanced visual options.
Metadata
Slug openclaw-qr-code
Version 1.0.1
License
Total installs 2
Current installs 2
Historical versions 2
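FAQ

What is QR Code?

Generate, decode, and beautify QR codes with customizable colors, logos, and formats. Works across all OpenClaw channels including WhatsApp. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1009 total downloads to date.

How do I install QR Code?

Run the command "/install openclaw-qr-code" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is needed.

Is QR Code free?

Yes, QR Code is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does QR Code support?

QR Code runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed QR Code?

Developed and maintained by zouyawen (@zouyawen); the current version is v1.0.1.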
