Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

QWeather

v1.0.0

Global weather queries powered by QWeather. Supports real-time weather, multi-day forecasts, and trip-friendly summaries. Self-growing — expands along offici...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto · Requires wallet
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal
Benign
OpenClaw
Suspicious
high confidence
! Purpose & Capability
The skill's description is a weather client for QWeather, which legitimately requires KID, Project ID, API Host, and a private key for JWT-based auth. However the registry metadata declares no required environment variables or primary credential even though the code and SKILL.md clearly require secrets (QWEATHER_KID, QWEATHER_PROJECT_ID, QWEATHER_PRIVATE_KEY_PATH, QWEATHER_API_HOST or local/qweather.json). This mismatch between declared requirements and actual needed credentials is incoherent and should be fixed or explained by the author.
! Instruction Scope
SKILL.md instructs the agent to perform an interactive first-use flow: collect the three secret values from the user, generate an Ed25519 keypair (defaulting to ~/.ssh/ if user unsure), prompt the user to upload the public key, create local/qweather.json, and automatically run bash scripts (init.sh and test.sh). Those instructions give the agent broad permission to write files, execute local scripts, and (per the 'self-growing' language) to update SKILL.md and capabilities. While this is plausible for setup, it grants the agent discretionary file-system and code-modification actions that are not enforced by the code and therefore raise scope and safety concerns.
Install Mechanism
There is no package install spec; the skill is instruction + scripts. The only remote download is LocationList CSV from a known GitHub raw URL. No arbitrary installers or external archives are fetched. Risk from install mechanism itself is low.
! Credentials
The runtime code reads a private key file and requires KID, Project ID, and API Host to construct signed JWTs — these are appropriate for QWeather integration. But the skill metadata failed to declare these required env vars/primary credential. The gen-jwt.mjs will load a private key path and sign tokens and also cache tokens to local/jwt-cache.json; storing private auth material under local/ without clear protections can be risky if local/ is synced or backed up. Requiring a user's private key and advising a default save location of ~/.ssh increases the potential for accidental exposure or key management mistakes.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. However SKILL.md's 'self-growing' guidance and the first-use flow instruct the agent to write local configuration (local/qweather.json, jwt-cache.json) and possibly generate a private key in a default system directory (~/.ssh) — actions that create persistent artifacts on the host. This is not inherently malicious but users should control where keys/config are stored and whether the agent is allowed to run commands that create files.
What to consider before installing
Before installing:
1) Note the registry metadata does NOT list the required secrets — the skill actually needs QWEATHER_KID, QWEATHER_PROJECT_ID, QWEATHER_PRIVATE_KEY_PATH, and QWEATHER_API_HOST (or a local/qweather.json). Ask the author to update the metadata.
2) The skill asks the agent to generate and store an Ed25519 private key and may default to ~/.ssh — do NOT accept default locations without verifying (use a dedicated secure path and do not overwrite existing SSH keys).
3) Inspect scripts yourself (they are present) and run init/test manually instead of letting an agent run them automatically; verify local/ is excluded from backups/version control so private data isn't leaked.
4) Understand the agent is instructed to 'self-grow' and update SKILL.md/files when adding features — clarify whether such changes require your explicit approval (prefer manual commits/PRs).
5) If you proceed, keep the private key and local/ directory offline/safely stored, and only provide the minimal credentials required.
If the author cannot correct the missing metadata or clarify the self-modification behavior, treat installation as higher risk.
