ClawHub

Weather Query

v0.1.0

Use when users ask about weather conditions, forecasts, or climate information for locations in China.

2· 753·7 current·8 all-time
by@jaceymarvin99
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the included scripts: realtime.sh and forecast.sh query a weather API and return current conditions and forecasts for Chinese locations. Required resources (no env, no binaries) are proportional to the stated purpose.
Instruction Scope
SKILL.md instructs the agent to run the provided shell scripts and to format responses by encoding. The scripts make outbound HTTPS GET requests and will transmit user-provided location queries to https://60s.viki.moe. The SKILL.md does not disclose that hostname explicitly; this is not malicious but is a privacy/trust consideration. The scripts do not read local files or environment variables beyond parameters, and they do not attempt extra data collection.
Install Mechanism
No install spec; the skill is instruction+script only. The scripts are plain shell and do not download or install additional code. This is low-risk from an install/execution perspective.
Credentials
The skill requests no environment variables or credentials. There are no config paths required. This is proportionate to a simple weather lookup skill.
Persistence & Privilege
The skill does not request persistent/system privileges and is not marked always:true. It does not modify other skills or system configuration.
Assessment
This skill appears to do what it says: run two shell scripts that call a third‑party weather API and return results. Before installing, consider that: (1) location queries (user input) are sent to https://60s.viki.moe — verify you trust that provider and its privacy policy if you will send sensitive or private location data; (2) SKILL.md does not list the remote hostname, so inspect the scripts (already included) to confirm behavior; (3) no credentials are requested, so there is no obvious credential exfiltration risk, but if you prefer trusted sources swap the API endpoint to a known provider; (4) run the skill in a controlled environment if you need to audit traffic (e.g., via a network proxy) before deploying broadly.

Like a lobster shell, security has layers — review code before you run it.

latestvk9763646f9ga6qc0th2atpqrx181wbp5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments