Security audit

Weather Assistant

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed weather lookup and optional daily WeChat notification skill, with no evidence of hidden or malicious behavior.

Install this only if you want weather queries and optional scheduled WeChat pushes. Configure the WeChat OpenID/account carefully, keep the quote file free of private text, and remove or disable the cron job when you no longer want automatic messages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence: 82%
Finding
The skill performs external weather lookups and can automatically push content to WeChat, yet the README lacks a clear user-facing notice that city data and generated messages will be transmitted to third parties. This creates a transparency and privacy risk because users may not understand that their configured locations and message content leave the local environment.

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger phrases include very broad everyday terms such as “天气”, “查天气”, and “weather”, which can cause the skill to activate in unrelated conversations. Because this skill can read local configuration and participate in scheduled outbound messaging behavior, over-triggering increases the chance of unintended execution, privacy surprises, or accidental configuration changes.

Missing User Warnings

Medium
Confidence: 89%
Finding
The description does not clearly warn users that scheduled weather pushes will send content to a configured WeChat account, which weakens informed consent for outbound messaging. In context, this matters because the skill contains concrete WeChat channel/target configuration guidance and a cron-based delivery flow, so a user may enable or modify the skill without fully understanding that messages will be sent externally.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.