Weather Ensemble Forecast
PassAudited by ClawScan on May 1, 2026.
Overview
This weather skill appears purpose-aligned and benign; it only calls a disclosed forecast API, with minor notes about third-party network use and an optional API key.
Before installing, confirm you are comfortable sending forecast city/date requests to the Weather Ensemble API server and only configure the optional API key or host override if you trust that service.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Forecast requests send the requested city/date to the configured weather API endpoint.
The skill uses curl to contact an external API, and the destination can be overridden through WEATHER_ENSEMBLE_HOST. This is consistent with the forecast purpose, but users should be aware of where requests are sent.
HOST="${WEATHER_ENSEMBLE_HOST:-https://polymarket-scanner.fly.dev}" ... RESPONSE=$(curl "${CURL_ARGS[@]}" "$URL")Use the default endpoint unless you intentionally trust a different WEATHER_ENSEMBLE_HOST value.
A service-specific API key, if configured, will be shared with the forecast server for requests.
If the optional API key is set, the script sends it to the forecast API as an X-API-Key header. This is disclosed and purpose-aligned for full API access.
API_KEY="${WEATHER_ENSEMBLE_API_KEY:-}" ... CURL_ARGS+=(-H "X-API-Key: $API_KEY")Only set a dedicated Weather Ensemble API key, avoid reusing sensitive tokens, and unset it when not needed.