weather_advanced

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward weather skill that sends a city name to an external weather API and returns formatted forecast details.

Before installing, be aware that city names you ask about are sent to api.vvhan.com. Avoid entering sensitive personal details as the city value, and use the skill only if you are comfortable with that external weather lookup.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 92% confidence
Finding: The skill sends the user-supplied city name to a third-party weather API, which is an external data disclosure even if the data is low sensitivity. The main risk is privacy/transparency: users are not informed in this file that their input will be transmitted off-platform, and the external service may log requests.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal