Historical Weather - 历史天气
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: weather2 Version: 1.0.5 The skill is a legitimate wrapper for the JisuAPI historical weather service. The Python script `weather2.py` safely handles API requests using the `requests` library, communicates only with the official `api.jisuapi.com` endpoint, and contains no evidence of malicious intent, data exfiltration, or command injection vulnerabilities.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill will use the configured JisuAPI key and may consume that account's quota; the provider will receive the weather query parameters.
The skill reads a local API key and sends it as a request parameter to the disclosed JisuAPI endpoint. This is expected for the weather API integration, but it is still delegated account access.
appkey = os.getenv("JISU_API_KEY") ... BASE_URL = "https://api.jisuapi.com/weather2" ... requests.get(url, params=all_params, timeout=10)Use a dedicated JisuAPI key with appropriate quota limits and only configure a key you are comfortable using for this weather lookup.
The skill may fail in an environment without requests installed, and users should avoid installing missing dependencies from untrusted ad-hoc sources.
The code depends on the third-party requests package, while the supplied install information only declares python3 and provides no package install or pinning details.
import requests
Run it in a reviewed Python environment that already provides requests, or install a pinned, trusted requests package if needed.