中国天气

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward China weather lookup skill with expected network use and a minor local cache hygiene issue.

Install if you are comfortable with queried city names being sent to wttr.in and recent current-weather results being briefly cached under /tmp. Avoid using sensitive private location details, and only set QWEATHER_KEY if you intentionally want to configure the optional weather provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 84%
Finding
The documented behavior does not accurately match the implemented capabilities, including undocumented alert querying and an external API path via QWeather configuration. This is dangerous because hidden or inaccurately described network/data flows reduce informed consent, can bypass review expectations, and may cause users or agents to invoke features with different privacy, reliability, or trust assumptions than advertised.

Missing User Warnings

Severity: Low
Confidence: 87%
Finding
The script stores response data in a predictable file under `/tmp`, a world-writable shared directory, without creating a private temporary directory or restricting permissions. On multi-user systems this can enable cache poisoning, symlink attacks, or unauthorized reading/modification of cached content, especially because filenames are deterministic and no ownership checks are performed.

VirusTotal

62/62 vendors flagged this skill as clean.
