Back to skill

Security audit

WeatherKit

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Apple WeatherKit forecast tool, but users should protect their Apple key and be aware that location queries and raw API responses may appear in logs.

Install only if you are comfortable giving the skill access to a WeatherKit-specific Apple private key and sending requested latitude/longitude values to Apple. Keep the .p8 key outside shared folders with restricted permissions, avoid exposing stderr logs for sensitive locations, and rotate or revoke the key if you suspect it was disclosed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill advertises required environment variables in metadata and its example invokes a local Python script that will read a private key file and make outbound authenticated API requests, yet the skill does not declare corresponding permissions. Undeclared access to environment variables, local files, and network creates a transparency and policy-enforcement gap: users and hosts may not realize the skill can read secrets and transmit data externally.

Missing User Warnings

Low
Confidence
83% confidence
Finding
The documentation explains configuration and usage but does not clearly warn that user-supplied latitude/longitude and authenticated requests are sent to Apple's WeatherKit service. This omission can cause users to disclose precise location and use account-linked credentials without informed consent, which is a privacy and operational transparency issue.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The code logs raw HTTP response bodies to stderr both on success and on error. Response payloads can contain location data, service metadata, or provider error details, and dumping them to logs increases the risk of sensitive information exposure in shared runtimes, CI systems, or agent platforms where stderr is centrally collected.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.