Security audit
Weather Open-Meteo
Security checks across malware telemetry and agentic risk
Overview
This is a documentation-only weather skill with expected Open-Meteo API usage and no evidence of hidden code, credential access, persistence, or destructive behavior.
Before installing, note that the advertised .ps1 scripts are not included in this package; do not fetch or run similarly named scripts from unverified sources. If you add scripts yourself, review them before running, and avoid changing PowerShell execution policy unless necessary. Weather lookups will disclose the selected city coordinates/timezone to Open-Meteo, which is expected for this skill.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.