QWeather

Security checks across malware telemetry and agentic risk

Overview

This is a real QWeather weather skill, but it gives the agent too much automatic setup and self-modification authority around credentials and local files.

Install only if you are comfortable with the agent running local setup scripts and handling a dedicated QWeather credential. Before setup or any self-growing update, require the agent to show the exact commands and file paths, keep `local/` and key files out of version control, store the private key with restrictive permissions, and review any SKILL.md changes before accepting them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill instructs the agent to automatically create configuration files, generate keys, and execute shell scripts during first-time setup without clearly requiring explicit user consent for each system-modifying step. In an agentic environment, this can lead to unexpected file creation, key material placement, script execution, and network activity on the user's machine, increasing the risk of unsafe automation or abuse if the scripts are modified or misunderstood.

Missing User Warnings

Medium
Confidence: 84%
Finding
The script caches a freshly signed JWT to a predictable local file in `local/jwt-cache.json` without setting restrictive file permissions, encrypting the token, or warning operators that a bearer credential is being persisted to disk. If the local directory is readable by other users, included in backups, accidentally committed, or exposed by another process, the token can be reused until expiry to access the QWeather API as the configured project.

VirusTotal

67/67 vendors flagged this skill as clean.
