中国城市天气 Weather in China

Security checks across malware telemetry and agentic risk

Overview

This weather skill is mostly coherent, but it evaluates remote weather-page text as shell code, creating an avoidable local command execution risk.

Install only if you are comfortable running a shell script that trusts weather.com.cn page content. The weather function is straightforward, but the script should be patched to remove eval and parse fields safely before routine use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Context-Inappropriate Capability

High
Confidence: 98%
Finding
The script builds shell assignments from untrusted content parsed out of remote HTML and then executes them with `eval`. Because `WEATHER` is extracted from the page `<title>` with minimal sanitization, a malicious or compromised upstream response could inject shell metacharacters or command substitutions, leading to arbitrary command execution on the host running the weather tool. In a weather-query skill, this capability is unrelated to the stated purpose, which makes the pattern especially dangerous rather than justified by context.

VirusTotal

64/64 vendors flagged this skill as clean.
