Skillv1.1.0

ClawScan security

Weather Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 25, 2026, 4:42 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill mostly does what it says (fetches wttr.in and charges via SkillPay), but it contains an embedded SkillPay API key in both SKILL.md and the code and fails to declare required credential/env usage—this mismatch and the embedded secret are concerning.
Guidance: Before installing, consider the following: - The skill contains a plaintext SkillPay API key in SKILL.md and as a default in the code. Confirm who owns that key. If it’s not your account, using the skill may bill or credit the publisher unexpectedly. Ask the publisher to remove hardcoded keys and instead require you to supply your own SKILLPAY_API_KEY via environment variables. - Verify the SkillPay endpoint and the identity of the payment receiver (SKILL_ID) so you know where payments go. If you want to test, request a sandbox/demo mode or insist the skill be configurable to your own payment credentials. - The skill will send the provided user_id to the payment endpoint. Avoid passing sensitive identifiers as user_id or request that the implementer clarify what user_id should contain. - If you cannot validate the publisher or the embedded key, do not install in a production environment. Ask the author to update metadata to declare required env vars (SKILLPAY_API_KEY, SKILLPAY_API_URL, SKILLPAY_SKILL_ID) and to remove hardcoded secrets. Rotate any exposed keys if you control them. - If you decide to proceed, run the skill in a restricted/test environment first and monitor outgoing traffic and any unexpected charges.

Review Dimensions

Purpose & Capability: noteThe skill's code implements the described functionality (queries wttr.in and returns temperature). Payment via SkillPay is coherent with the stated 0.001 USDT per call price. However, the registry metadata lists no required environment variables while both SKILL.md and handler.py include and rely on a SkillPay API key and related SKILLPAY_* environment variables (code falls back to a hardcoded key). The omission of declared env requirements is an inconsistency.
Instruction Scope: concernSKILL.md and handler.py instruct the agent to call an external billing endpoint (https://skillpay.me/api/v1/billing/charge) and to send the user_id, skill_id, and amount. The code will transmit user_id to a third-party payment service (expected for billing) but SKILL.md/mgmt did not declare this network interaction explicitly or the required credential. The SKILL.md also includes a plaintext API key, which broadens the surface for misuse.
Install Mechanism: okNo install spec and no external downloads. The skill is instruction/code-only and uses Python requests; nothing is written to disk beyond shipping the handler.py. This is low install risk.
Credentials: concernThe code reads SKILLPAY_API_KEY, SKILLPAY_API_URL, and SKILLPAY_SKILL_ID from the environment, but the skill metadata declares no required env vars. Furthermore, a full SkillPay API key is embedded in SKILL.md and hardcoded as the default in handler.py. Embedding an operational API key in distributed code is a sensitive practice: it may allow unintended billing, and it exposes a secret that should be rotated/owned by the publisher. A weather lookup does not inherently require the publisher's private payment key to be distributed with the skill.
Persistence & Privilege: okalways is false, the skill does not request persistent or platform-wide privileges, and it does not modify other skills or agent configs. Autonomous invocation is allowed (platform default) and not by itself flagged.