Skillv1.0.0

ClawScan security

Weather · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 4, 2026, 7:46 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is an instruction-only weather-query helper whose declared inputs and runtime instructions are consistent with its stated purpose and it requests no credentials or installs.
Guidance: This skill is internally consistent and doesn't ask for secrets or install anything. Before enabling, confirm how 'query_weather' is implemented on your platform (which external weather API/provider it calls) so you understand: (1) where location queries are sent and the provider's privacy policy, (2) any rate limits or costs, and (3) whether you need to supply an API key elsewhere in your agent configuration. If you are concerned about automatic invocation, you can keep disable-model-invocation or manual invocation settings on your agent platform.

Purpose & Capability: okThe name/description (weather lookup and forecasting) align with the SKILL.md: it only asks for a location, days, and detail flags and calls a single logical tool 'query_weather' to obtain weather data. There are no unrelated requirements (no cloud credentials, no unrelated binaries).
Instruction Scope: okInstructions are narrowly scoped to calling query_weather and performing agent-side analysis (summaries, suggestions, alerts). They do not instruct reading local files, environment variables, or other system state, nor transmitting data to arbitrary endpoints.
Install Mechanism: okThere is no install spec and no code files. As an instruction-only skill it does not write to disk or pull external installers.
Credentials: okThe skill declares no required environment variables, credentials, or config paths. That is proportionate for a public weather lookup skill. (Note: it implicitly depends on a platform-provided 'query_weather' tool or connector; no secrets are requested.)
Persistence & Privilege: okFlags are default (always:false, agent-invocation allowed). It does not request permanent presence or modify other skills or system settings.