MeteoSwiss Open Data

Security checks across malware telemetry and agentic risk

Overview

The skill mainly fetches public Swiss weather data, but it also suggests adding a persistent third-party MCP server that users should review first.

Install only if you are comfortable with the agent making outbound HTTP requests for MeteoSwiss public data. Treat the MCP-server alternative separately: do not allow `claude mcp add meteoswiss https://meteoswiss-mcp.ars.is/mcp` unless you intentionally want to add that third-party remote service to your agent configuration and know how to remove it later.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 87% confidence
Finding: The skill instructs the agent to execute shell commands (`curl`, `awk`, `iconv`, `jq`, bundled shell scripts) but declares no permissions. This creates a capability/consent mismatch: the agent may invoke networked shell access without an explicit permission boundary, making misuse or accidental execution harder to govern and audit.

Vague Triggers

Medium

Confidence: 74% confidence
Finding: The activation trigger is broad enough to match ordinary weather questions whenever no MCP server is available, which can cause the skill to run shell/network actions in more situations than necessary. While not directly exploitative, overbroad routing increases the chance of unnecessary external calls and execution of command-based workflows.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal