Trust Assessment
qr-code received a trust score of 59/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 2 medium, and 0 low severity. Key findings include Unsafe deserialization / dynamic eval, Arbitrary File Write via Output Path, Arbitrary File Read via Image Path.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Arbitrary File Write via Output Path: The `qr_generate.py` script directly uses the user-provided `output` argument as the file path for saving the generated QR code image. This allows an attacker to specify an arbitrary file path, potentially overwriting sensitive files or writing to unauthorized locations if the agent has sufficient file system write permissions. For example, an attacker could attempt to write to `/etc/passwd.png` or `../../../../tmp/malicious.png`. Implement robust path validation for the `output_path` argument. Ensure the path is normalized, does not contain directory traversal sequences (e.g., `..`), and is restricted to a designated, secure output directory (e.g., a temporary directory or a user-specific sandbox). Consider using `os.path.abspath` and `os.path.commonprefix` or similar techniques to enforce boundaries. | LLM | scripts/qr_generate.py:50 |
| HIGH | Arbitrary File Read via Image Path: The `qr_read.py` script directly uses the user-provided `image` argument as the file path for opening an image. This allows an attacker to attempt to read arbitrary files on the system, potentially leading to data exfiltration of sensitive information (e.g., `/etc/passwd`, configuration files, or other user data) if the agent has sufficient file system read permissions. Even if the file is not a valid QR code, the attempt to open and read its contents occurs. Implement robust path validation for the `image_path` argument. Ensure the path is normalized, does not contain directory traversal sequences (e.g., `..`), and is restricted to an allowed input directory (e.g., a temporary directory or a user-specific upload directory). If the skill is intended to process user-uploaded images, ensure they are stored in a secure, isolated location. | LLM | scripts/qr_read.py:30 |
| MEDIUM | Unsafe deserialization / dynamic eval: Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/omar-khaleel/qr-code-pro/scripts/qr_generate.py:3 |
| MEDIUM | Unsafe deserialization / dynamic eval: Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/omar-khaleel/qr-code-pro/scripts/qr_read.py:3 |