ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Weather Checker

v1.0.0

Command-line weather checker tool with global city support, temperature, precipitation, and probability display with emoji formatting

0· 504·0 current·0 all-time
by@luckisnow
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: the code is a Python CLI that geocodes city names and requests forecast data from Open‑Meteo. Declared required binary (python3) and the pip dependency (requests) are appropriate and proportional.
Instruction Scope
SKILL.md/README only instructs installing requests, downloading the script from the project's raw GitHub URL, and optionally linking it into /usr/local/bin. Runtime behavior in the included Python file matches the documented behavior (calls Open‑Meteo geocoding and forecast endpoints). Minor inconsistencies: README mentions a setup.sh that is not included, and the download URL and homepage use a placeholder username (yourusername) — you should verify the upstream repo before running the curl command.
Install Mechanism
There is no formal install spec in the registry (instruction-only). SKILL.md suggests curl to download the raw script from raw.githubusercontent.com and optionally creating a sudo symlink — these are common but carry the usual risk of executing code you downloaded. Because the skill bundle already contains weather_checker.py, you can inspect the shipped file instead of fetching from the raw URL.
Credentials
The skill requests no environment variables, no credentials, and no config paths. Network access to Open‑Meteo endpoints is required and is consistent with the stated purpose.
Persistence & Privilege
always:false and no special privileges requested. The only persistence the docs suggest is an optional user action to create a symlink (may require sudo) — this is a user-installed convenience and not performed automatically by the skill.
Assessment
This appears to be a straightforward, coherent CLI weather tool. Before installing: (1) inspect the included weather_checker.py (the package already contains it) rather than blindly running curl; (2) verify the GitHub homepage/raw URL actually points to the expected repository (the docs use a placeholder 'yourusername'); (3) avoid running any downloaded script with sudo or piping to shell — if you want a global command, create the symlink only after manual inspection; (4) be aware it needs outbound network access to Open‑Meteo (no API keys required). If any of these checks fail or the upstream repo differs from the packaged file, do not install.

Like a lobster shell, security has layers — review code before you run it.

latestvk97057hdrkdftw0j948x774xzx81v96j

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🌤️ Clawdis
Binspython3

Comments