Skills
skills/hit-pay/claude-code-plugin/qr-checkout/Gen Agent Trust Hub

qr-checkout

Warn

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to build shell commands by interpolating variables from the create_embedded_qr tool response. Specifically, the echo 'PAYLOAD_HERE' > /tmp/qr_payload.txt and python3 -c "...qrcode.make('PAYLOAD_HERE')..." patterns are vulnerable if the payload contains shell metacharacters or single quotes, which could escape the string context and execute arbitrary commands.
  • [EXTERNAL_DOWNLOADS]: The skill performs an on-the-fly installation of the qrcode Python package using pip3 install qrcode[pil]. While this is a well-known library, runtime package installation from public registries introduces a dependency on external sources.
  • [REMOTE_CODE_EXECUTION]: The skill uses python3 -c to execute dynamically generated code snippets for QR code rendering. This execution involves data retrieved from the HitPay API, creating a path for potential code injection if the input is not strictly validated.
  • [COMMAND_EXECUTION]: The skill uses the open command to launch generated HTML files from the /tmp directory. While intended to display the checkout page, opening untrusted files in a browser can expose the user to local file-based attacks if the file content was manipulated via the injection vectors mentioned above.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 21, 2026, 06:50 PM
Security Audit — agent-trust-hub — qr-checkout