Yr Weather
PassAudited by ClawScan on May 1, 2026.
Overview
This weather skill appears purpose-aligned and only fetches forecasts from the disclosed MET Norway API, with minor privacy and install-provenance points to notice.
This skill looks safe for normal weather lookups. Before installing, be aware that exact coordinates are sent to MET Norway, and use a pinned/reviewed source if you choose the optional GitHub pip install route.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may disclose the queried location coordinates to MET Norway, which is expected for weather forecasts.
The code sends the requested latitude, longitude, and optional altitude to the external MET Norway weather API.
params = {"lat": str(lat), "lon": str(lon)} ... url = f"https://api.met.no/weatherapi/locationforecast/2.0/compact?{query_string}"Use approximate coordinates if exact location privacy matters, and avoid sharing locations you do not want sent to the weather provider.
If a user installs from the remote GitHub command instead of using the reviewed artifact, they may receive code that differs from the provided files.
The documentation includes an optional remote GitHub pip install command; the command itself does not pin the repository reference, although the text mentions a v1.0.0 tag.
Install via pip: `pip install git+https://github.com/brandoncrabpi/yr-weather.git`
If using the standalone install path, pin a specific tag or commit and review that source before installation.