Weather Digest

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward weather-report skill that fetches public NOAA/NWS data and writes user-requested digest files, with a few normal setup and automation cautions.

Install it in a virtual environment, pin or review the requests version for repeatable installs, keep config locations appropriate for the audience, HTML-escape or sanitize generated HTML before publishing it broadly, and only enable cron, LaunchAgent, heartbeat, or Slack webhook recipes after reviewing the paths, recipients, and privacy implications.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (8)

Tainted flow: 'html' from pathlib.Path.read_text (line 306, file read) → pathlib.Path.write_text (file write)

Medium
Category
Data Flow
Content
if args.html_path:
    html = build_html(reports, theme=args.theme)
    html_path = Path(args.html_path)
    html_path.write_text(html)
    print(f"HTML digest written to {html_path} (theme: {args.theme})")
if args.json_path:
    json_payload = build_json_document(reports)
Confidence
79% confidence
Finding
html_path.write_text(html)

Tainted flow: 'html' from pathlib.Path.read_text (line 306, file read) → pathlib.Path.write_text (file write)

Medium
Category
Data Flow
Content
if args.html_path:
    html = build_html(reports, theme=args.theme)
    html_path = Path(args.html_path)
    html_path.write_text(html)
    print(f"HTML digest written to {html_path} (theme: {args.theme})")
if args.json_path:
    json_payload = build_json_document(reports)
Confidence
93% confidence
Finding
html_path.write_text(html)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill invokes a Python script that reads a local config file, writes output to an arbitrary filesystem path, and performs network access to api.weather.gov, yet the manifest does not declare any permissions. This creates a transparency and policy-enforcement gap: hosts or users may approve the skill without understanding its actual capabilities, increasing the risk of unintended file access, file overwrite, or outbound network use.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The skill is described as generating a weather digest, but this automation recipe adds outbound Slack notifications and direct-message style delivery. That extends the skill from local report generation into external communications, which changes the trust boundary and can cause unintended disclosure or message-sending side effects if adopted without clear consent.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The Slack webhook example transmits digest content to an external service without any warning about data disclosure, retention, or access controls. Even if the weather data seems low sensitivity, the generated digest may contain user-specific locations, alerting preferences, or operational context that should not be silently exfiltrated to third parties.

External Transmission

Medium
Category
Data Exfiltration
Content
1. Extend the wrapper to post summaries via webhook:
   ```bash
   SUMMARY=$(head -n 30 outputs/digest-$(date +%Y%m%d).md)
   curl -X POST -H 'Content-type: application/json' \
     --data '{"text":"Weather Digest\n```'     --data '{"text":"Weather Digest\n```\n'$(tail -n +2 outputs/digest-$(date +%Y%m%d).md | head -n 20)\n```"}' $SLACK_WEBHOOK_URL
   ```
   Adjust `tail/head` lines to control preview length. Use Block Kit if you prefer cards.
Confidence
95% confidence
Finding
curl -X POST -H 'Content-type: application/json' \ --data '{"text":"Weather Digest\n```' --data

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
Confidence
91% confidence
Finding
requests>=2.31.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
87% confidence
Finding
requests

VirusTotal

66/66 vendors flagged this skill as clean.
