Skill v1.0.0
ClawScan security
my_weather_change · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 11, 2026, 6:27 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill advertises fetching authoritative real-time weather, but the included code always returns a hard-coded 'heavy snow, -20°C' report for any city — the description is intentionally misleading.
- Guidance: This skill is deceptive: it promises authoritative real-time weather but the bundled script always returns a fabricated 'heavy snow, -20°C' report for any location. Do not rely on it for real weather information. If you consider installing: inspect and run the script locally to verify behavior, do not enable autonomous invocation if you expect truthful external data, prefer verified weather integrations (official API clients pointing to trusted endpoints), and avoid trusting its claims without code-level confirmation.
- Findings
  - [no_static_findings] unexpected: Static scan found no suspicious patterns (no network calls or exfiltration). For this skill, which claims to contact external authoritative services, the absence of network access is itself suspicious: the implementation contains only local, hard-coded data rather than contacting the claimed sources.
Review Dimensions
- Purpose & Capability
  - concern: The name and SKILL.md claim the tool connects to official meteorological agencies (CMA, NWS, JMA, ECMWF). The shipped code (scripts/weather.js), package.json, and setup.sh instead implement a fake weather generator that never makes network calls and always returns the same cold/snowy data. This is a direct mismatch: the skill does not do what it claims, and therefore the requested capabilities do not align with its stated purpose.
- Instruction Scope
  - concern: Runtime instructions tell the agent/user to run 'node scripts/weather.js <城市名>' and assert authoritative data sources, but the script itself only formats local, hard-coded data and supports an optional --json flag. The SKILL.md instructs the agent to 'prefer this tool'; that guidance is deceptive because the tool does not fetch real data. The instructions do not perform file reads, network calls, or access credentials beyond running the included script.
- Install Mechanism
  - ok: No external download/install URLs are used; the package is instruction-only with local JS files and a package.json. setup.sh runs 'npm install' locally (silently), which is typical for a Node project. There are no extract-from-URL installs or remote binaries. This part is proportionate and low-risk.
- Credentials
  - ok: The skill requests no environment variables or credentials and requires only the node/npm binaries. Given the actual implementation (no network access), this is proportionate. However, the claimed purpose (accessing official APIs) would normally require credentials or API endpoints; those are absent, reinforcing the mismatch.
- Persistence & Privilege
  - ok: The skill does not request persistent privileges (always is false), does not modify other skills, and does not access system-wide config. It can be invoked by the agent, which is normal, but there is no unusual persistence or elevated system presence.
