Windsensei
PassAudited by ClawScan on May 1, 2026.
Overview
The provided artifacts describe a wind-forecast assistant with disclosed WindSensei API use and optional account/calendar features, with no evidence of hidden or malicious behavior.
This looks safe to install for wind and weather forecasting. Add the API key only if you want personalized WindSensei features, protect that key, and review any proposed calendar changes before approving them.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If configured, the agent can use the user's WindSensei account key to retrieve personalized forecasts, favorites, history, and social/live-session information.
The optional API key grants access to user-specific WindSensei account data and social features; this is disclosed and aligned with the service integration.
`WINDSENSEI_API_KEY`: An API key starting with `ss_`. ... With it, you get personalized forecasts, dashboard overview, session history, and social features.
Configure the API key only if you want personalized features, keep it revocable, and prefer the documented Authorization header rather than putting keys in URLs.
If the user asks for it, the agent may create or modify calendar entries for wind-sport sessions.
The skill can involve calendar mutation through the host agent's calendar tools; the artifact frames this as user-requested, but calendar changes are still user-impacting actions.
Blocking off time or adding sessions to their calendar based on wind
Require a clear user request and confirm event details before creating, changing, or deleting calendar entries.
Queries, spot searches, and authenticated account requests may be sent to WindSensei's service.
The skill relies on an external provider for forecasts and authenticated account data; this data flow is clearly disclosed and purpose-aligned.
This skill only makes HTTPS requests to the WindSensei API.
Use the skill only if you are comfortable with WindSensei receiving those requests, and avoid sharing unnecessary personal details in spot or session queries.