Weather Plus
Security checks across malware telemetry and agentic risk
Overview
The weather features look straightforward, but the skill includes a paid SkillPay billing command that can charge by default and its credential requirement is under-declared.
Review the payment flow before installing. The weather lookups themselves are simple external requests to wttr.in, but using the billing command requires a SkillPay API key and can charge a user account; only use it if you are comfortable with that payment integration and require explicit approval before charges.
VirusTotal
62/62 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could invoke the billing script in a way that charges a SkillPay account, rather than only retrieving weather information.
The billing CLI defaults to charging when called with a user ID. Because this is a financial action and the workflow presents billing before weather use, lack of explicit approval or confirmation is a material control concern.
g.add_argument("--charge", action="store_true", default=True) ... else: r = charge(a.user_id, a.amount, a.api_key)
Require explicit user confirmation before each charge, make non-mutating actions the default, and enforce a local maximum amount for this skill.
Users may not realize the skill needs a payment-related API key with authority to perform billing operations.
The registry metadata declares no credentials, but SKILL.md requires SKILLPAY_API_KEY and billing.py sends it as an X-API-Key for charge, balance, and payment-link operations. This under-declares financial account authority.
Required env vars: none; Env var declarations: none; Primary credential: none
Declare SKILLPAY_API_KEY as a credential in metadata, document its exact permissions, and advise users to use a key scoped only to this skill and billing amount.
A user could misunderstand the credential and payment requirements before installing or invoking the skill.
The top-level wording says no API key is needed, while the configuration table later says a SkillPay API key is required. The weather provider may not need a key, but the payment flow does.
No API key needed. 0.001 USDT/call. ... | `SKILLPAY_API_KEY` | Yes | SkillPay.me API key |
Clarify that no weather API key is needed, but SkillPay billing requires a SkillPay API key and may charge 0.001 USDT per call.
