
Security audit

1asd1

Security checks across malware telemetry and agentic risk

Overview

This weather skill mostly does what it says, but its payment script can charge a SkillPay account by default without an explicit confirmation step.

Review before installing. Use the weather features only if you are comfortable sending city names to wttr.in. Do not provide SKILLPAY_API_KEY unless you intend to allow SkillPay billing, and require explicit approval before any charge. Verify the publisher and package identity before trusting the payment flow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding
The skill documentation exposes operational capabilities that require environment access, network access, and shell execution, but it does not declare any permissions or constraints for those behaviors. This can lead to silent over-privilege where an agent or reviewer underestimates what the skill can do, increasing the risk of unintended external requests, access to secrets such as SKILLPAY_API_KEY, or command execution beyond the expected weather use case.

Description-Behavior Mismatch

Medium
Confidence: 97%
Finding
The skill manifest advertises multi-day forecasts and clothing/dressing recommendations, but the implementation only retrieves current weather and computes a simple comfort score. This creates a trust and integrity problem: downstream agents or users may rely on capabilities that do not exist, leading to incorrect automation decisions or misleading paid-service behavior.

Missing User Warnings

Medium
Confidence: 94%
Finding
The script can perform a live billing charge immediately when invoked, with `--charge` effectively being the default path and no built-in confirmation, consent check, or dry-run safeguard. In an agent skill context, this creates a real risk of unauthorized or unexpected charges if the tool is triggered automatically or with attacker-influenced input.

VirusTotal

66/66 vendors flagged this skill as clean.
