Historical Weather - 历史天气
PassAudited by ClawScan on May 1, 2026.
Overview
The artifacts show a narrow historical-weather lookup that calls JisuAPI with the user's API key; no hidden destructive, persistent, or unrelated behavior is evident.
This appears safe for its stated purpose. Before installing, make sure you are comfortable sending city/date weather queries to api.jisuapi.com and using a JisuAPI key that may consume quota; also ensure the Python requests dependency is available from a trusted environment.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill will use the configured JisuAPI key and may consume that account's quota; the provider will receive the weather query parameters.
The skill reads a local API key and sends it as a request parameter to the disclosed JisuAPI endpoint. This is expected for the weather API integration, but it is still delegated account access.
appkey = os.getenv("JISU_API_KEY") ... BASE_URL = "https://api.jisuapi.com/weather2" ... requests.get(url, params=all_params, timeout=10)Use a dedicated JisuAPI key with appropriate quota limits and only configure a key you are comfortable using for this weather lookup.
The skill may fail in an environment without requests installed, and users should avoid installing missing dependencies from untrusted ad-hoc sources.
The code depends on the third-party requests package, while the supplied install information only declares python3 and provides no package install or pinning details.
import requests
Run it in a reviewed Python environment that already provides requests, or install a pinned, trusted requests package if needed.