Trust Assessment
qr-code-generator received a trust score of 30/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 9 findings: 0 critical, 1 high, 8 medium, and 0 low severity. Key findings include Unsafe deserialization / dynamic eval, Unpinned Python dependency version, Arbitrary code execution via format string vulnerability in batch processing.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 65/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings9
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Arbitrary code execution via format string vulnerability in batch processing The `scripts/qr.py` script likely uses Python's `str.format()` method with the `--template` argument for generating filenames during batch processing. Both the template string (from `args.template`) and the data used for formatting (from `row_data` derived from user-provided CSV/JSON files) are user-controlled. This design pattern is vulnerable to arbitrary code execution, allowing an attacker to craft a malicious format string (e.g., `'{}.__class__.__bases__[0].__subclasses__()[132].__init__.__globals__["__builtins__"]["eval"]("__import__(\"os\").system(\"ls -la\")")'`) or inject malicious data into batch files, leading to arbitrary code execution on the system where the script is run. Implement a safer method for filename generation that does not rely on `str.format()` with untrusted input. Options include: 1. **Strict Whitelisting**: Only allow specific, predefined placeholders in the template and validate all characters. 2. **Safe Templating Engine**: Use a sandboxed templating engine (e.g., Jinja2 with strict configuration) if complex templating is required. 3. **Direct String Concatenation**: Construct filenames using explicit string concatenation or f-strings with carefully controlled variables, avoiding direct use of user-provided format strings. 4. **Input Validation**: Thoroughly validate both the `--template` argument and the content of batch files (CSV/JSON) to prevent malicious patterns. | LLM | scripts/qr.py | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/anisafifi/qr-code-generator/scripts/qr.py:3 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/anisafifi/qr-code-generator/scripts/qr.py:616 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/anisafifi/qr-code-generator/scripts/qr.py:627 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/anisafifi/qr-code-generator/scripts/qr.py:631 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/anisafifi/qr-code-generator/scripts/qr.py:635 | |
| MEDIUM | Unpinned Python dependency version Requirement 'qrcode[pil]>=7.4.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/anisafifi/qr-code-generator/scripts/requirements.txt:4 | |
| MEDIUM | Unpinned Python dependency version Requirement 'segno>=1.6.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/anisafifi/qr-code-generator/scripts/requirements.txt:7 | |
| MEDIUM | Unpinned Python dependency version Requirement 'Pillow>=10.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/anisafifi/qr-code-generator/scripts/requirements.txt:10 |
Scan History
Embed Code
[](https://skillshield.io/report/d5945032f3b691c5)
Powered by SkillShield