Security audit

wttr-weather

Security checks across malware telemetry and agentic risk

Overview

This is a coherent wttr.in weather helper with expected external weather lookups, plus some privacy and usability caveats users should understand.

Install this if you are comfortable with weather queries being sent to wttr.in. Prefer explicit public city names, avoid internal hostnames or private IPs, and use explicit safe output paths when downloading PNG weather images.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium (95% confidence)

The trigger text says to use this skill whenever the user mentions broad terms like weather, forecast, or temperature, which can cause the agent to invoke the skill in contexts where the user did not ask for an external lookup. Over-broad activation increases the chance of unintended network access, privacy leakage through location queries, and workflow hijacking away from the user's actual intent.

Natural-Language Policy Violations

Medium (87% confidence)

The documentation states the language default is zh, which can make the skill return content in Chinese regardless of the user's language preference. While not a code-execution risk, this can override user intent, degrade usability, and cause incorrect or confusing responses in multilingual environments.

Missing User Warnings

Low (92% confidence)

The examples instruct users to send weather queries to an external third-party service via curl, but they do not disclose that the request transmits the queried location and related metadata to wttr.in. In this skill context, outbound requests are expected for a weather service, so the issue is not inherently malicious, but the lack of a privacy notice can cause inadvertent disclosure, especially for sensitive locations or automated use.

Missing User Warnings

Medium (97% confidence)

The domain and IP lookup examples are more sensitive because they encourage sending internal-looking infrastructure identifiers, including a private IP address, to an external weather service. This can leak internal network information or organizational assets to a third party, and the weather-skill context does not justify exposing private IPs or internal domains, making these examples more dangerous than ordinary city lookups.

Missing User Warnings

Low (84% confidence)

The skill sends user-supplied locations and query parameters to the third-party service wttr.in without an explicit privacy notice or confirmation. In an agent context, this can expose potentially sensitive location information to an external service unexpectedly, which is a real privacy weakness even if not a traditional exploit path.

Missing User Warnings

Low (87% confidence)

The PNG mode writes a downloaded file to disk and can use a caller-supplied output path, but the tool provides no explicit warning that it will modify the local filesystem. In an agent setting, silent file creation is a meaningful safety concern because users may expect read-only behavior from a simple weather lookup.

VirusTotal

66/66 vendors flagged this skill as clean.
