Aviation Weather
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: aviation-weather Version: 1.0.0 The skill bundle is designed to fetch aviation weather data from aviationweather.gov. The `SKILL.md` provides clear instructions and examples without any prompt injection attempts. The `scripts/wx.py` uses standard Python libraries (`urllib.request`, `json`) to connect only to the specified `https://aviationweather.gov/api/data` endpoint, and does not exhibit any malicious behaviors such as data exfiltration, arbitrary command execution, persistence mechanisms, or access to sensitive files.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Airport codes or latitude/longitude search parameters may be sent to aviationweather.gov when the skill is used.
The script makes outbound API calls to the disclosed aviationweather.gov endpoint using user-selected stations, coordinates, hours, and radius values.
BASE_URL = "https://aviationweather.gov/api/data" ... with urlopen(url, timeout=10) as resp:
Use it for weather queries you are comfortable sending to aviationweather.gov, and review parameters before asking for location-based PIREPs.
The skill may not run in an environment without python3, despite the metadata not declaring that dependency.
The runtime examples depend on python3 even though the registry requirements list no required binaries; this is a small metadata completeness issue rather than hidden behavior.
python3 scripts/wx.py KSMO KLAX KVNY
Confirm python3 is available before use; no external packages or remote installers are shown in the artifacts.