Scan to Skill
Install skills from QR codes in one flow: decode -> parse slug -> install -> verify.
Trigger
When a user sends an image and asks to install from QR:
1. Detect image attachment in the current message.
2. Run `scripts/install_from_qr.py <image>` (dry run by default).
3. Show the decoded text and parsed slug to the user.
4. Prompt the user: "Decoded skill: `<slug>`. Do you want me to install it?"
5. If the user confirms, run `scripts/install_from_qr.py <image> --confirm` to execute the install.
6. Show the install result and suggest next steps.
Workflow
1. Get QR input image
   - Use uploaded image, screenshot, or camera snapshot.
2. Decode QR content
   - Prefer `scripts/install_from_qr.py --decode-only <image>`.
3. Parse install target
   - Accept:
     - direct slug (`skill-feed`)
     - ClawHub URL (`https://clawhub.ai/<owner>/<slug>` or `https://clawhub.ai/<slug>`)
     - install command text (`clawhub install <slug>`)
4. Install with ClawHub CLI
   - Run install command generated by script.
5. Verify installation
   - Check with `clawhub list`.
Commands
- Decode only (no install attempt):
  `python3 scripts/install_from_qr.py --decode-only <image_path>`
- Dry run (decode + show install command, but do not install):
  `python3 scripts/install_from_qr.py <image_path>`
- Install after user confirms:
  `python3 scripts/install_from_qr.py <image_path> --confirm`
- `python3 scripts/install_from_qr.py <image_path> --confirm --dir skills`
Safety
- The script defaults to dry run. Install only executes when `--confirm` is explicitly passed.
- The agent must never pass `--confirm` without the user's explicit approval.
- Only accept URLs from verified ClawHub domains (`clawhub.ai`, `clawhub.com` and their `www.` variants).
- URLs from non-ClawHub domains are rejected by the script (exit code 4).
- Plain slugs and `clawhub install` commands are accepted as trusted sources.
- For any slug the user hasn't seen before, recommend checking the skill page on ClawHub before installing.
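The parsing rules from the Workflow and the domain restriction above, sketched as an added example; this is not the project's `scripts/install_from_qr.py`. The slug grammar, the function names and the `RejectedTarget` exception are assumptions; the allowed hosts are the ones listed above.

```python
import re
from urllib.parse import urlsplit

# Hosts the page lists as verified ClawHub domains.
ALLOWED_HOSTS = {"clawhub.ai", "www.clawhub.ai", "clawhub.com", "www.clawhub.com"}
# Assumed slug grammar (not from the page): lowercase alphanumerics and hyphens,
# starting with an alphanumeric so a slug can never be read as a CLI option.
SLUG_RE = re.compile(r"[a-z0-9][a-z0-9-]{0,63}")


class RejectedTarget(ValueError):
    """Decoded QR text that must not be turned into an install command."""


def _checked_slug(candidate: str) -> str:
    if not SLUG_RE.fullmatch(candidate):
        raise RejectedTarget(f"invalid slug: {candidate!r}")
    return candidate


def parse_install_target(decoded: str) -> str:
    """Return the slug named by decoded QR text, or raise RejectedTarget."""
    text = decoded.strip()
    if "://" in text:
        url = urlsplit(text)
        # Compare the parsed hostname exactly; substring checks are fooled by
        # "clawhub.ai.evil.example" or "clawhub.ai@evil.example".
        if url.scheme != "https" or url.hostname not in ALLOWED_HOSTS:
            raise RejectedTarget(f"untrusted URL: {text!r}")
        if url.username is not None or url.port is not None:
            raise RejectedTarget("URL carries userinfo or an explicit port")
        parts = [p for p in url.path.split("/") if p]
        if not 1 <= len(parts) <= 2:  # /<slug> or /<owner>/<slug>
            raise RejectedTarget(f"unexpected URL path: {url.path!r}")
        return _checked_slug(parts[-1])
    words = text.split()
    if words[:2] == ["clawhub", "install"]:
        if len(words) != 3:  # refuse trailing options or shell syntax
            raise RejectedTarget("install text must be 'clawhub install <slug>'")
        return _checked_slug(words[2])
    return _checked_slug(text)


def install_argv(slug: str) -> list[str]:
    """Argument vector for subprocess.run (no shell); the slug is re-validated."""
    return ["clawhub", "install", _checked_slug(slug)]
```

Because QR content is untrusted input even when it is a plain slug, the slug is validated on every path and the command is built as an argument list rather than a shell string.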
Output format
- Decoded QR: `<raw text>`
- Parsed slug: `<slug>`
- Install command: `<command>`
- Result: success/failure + reason
- Next step: open skill page or run quick test
References
- Parsing rules and examples: `references/slug-parsing.md`
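Scan to Install Skills
Install skills from QR codes in one flow: decode -> parse slug -> install -> verify.
Trigger conditions
When a user sends an image and asks to install from a QR code:
1. Detect the image attachment in the current message.
2. Run `scripts/install_from_qr.py <image>` (dry run by default).
3. Show the decoded text and the parsed slug to the user.
4. Prompt the user: "Decoded skill: `<slug>`. Do you want to install it?"
5. If the user confirms, run `scripts/install_from_qr.py <image> --confirm` to execute the install.
6. Show the install result and suggest next steps.
Workflow
1. Get the QR input image
   - Use an uploaded image, screenshot, or camera snapshot.
2. Decode the QR content
   - Prefer `scripts/install_from_qr.py --decode-only <image>`.
3. Parse the install target
   - Accept:
     - direct slug (`skill-feed`)
     - ClawHub URL (`https://clawhub.ai/<owner>/<slug>` or `https://clawhub.ai/<slug>`)
     - install command text (`clawhub install <slug>`)
4. Install with the ClawHub CLI
   - Run the install command generated by the script.
5. Verify installation
   - Check with `clawhub list`.
Commands
- `python3 scripts/install_from_qr.py --decode-only <image_path>`
- Dry run (decode and show the install command, but do not install):
  `python3 scripts/install_from_qr.py <image_path>`
- `python3 scripts/install_from_qr.py <image_path> --confirm`
- `python3 scripts/install_from_qr.py <image_path> --confirm --dir skills`
Safety mechanisms
- The script defaults to dry run. The install only executes when the `--confirm` parameter is explicitly passed.
- The agent must never pass the `--confirm` parameter without the user's explicit approval.
- Only accept URLs from verified ClawHub domains (`clawhub.ai`, `clawhub.com` and their `www.` variants).
- URLs from non-ClawHub domains are rejected by the script (exit code 4).
- Plain slugs and `clawhub install` commands are treated as trusted sources.
- For any slug the user has not seen before, recommend checking the skill page on ClawHub before installing.
Output format
- Decoded QR: `<raw text>`
- Parsed slug: `<slug>`
- Install command: `<command>`
- Result: success/failure + reason
- Next step: open the skill page or run a quick test
References
- Parsing rules and examples: `references/slug-parsing.md`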