Weather Checker
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a straightforward weather command-line skill, with only normal external API use and user-directed install/provenance details to check.
This skill looks reasonable for checking weather. Before installing, verify the repository or use the included script, avoid sudo unless you need a system-wide command, and remember that queried city/location information is sent to Open-Meteo.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user follows the setup commands blindly, they may install or run code from an external source and create a system-wide command.
The install documentation uses a package install, remote download from a placeholder GitHub path, and optional privileged symlink. These are user-directed and common for a CLI, but provenance and privilege should be verified.
pip3 install requests --user ... curl -O https://raw.githubusercontent.com/yourusername/weather-checker/main/weather_checker.py ... sudo ln -sf $(pwd)/weather_checker.py /usr/local/bin/weather-checker
Use the bundled reviewed script or a verified repository, prefer a user-local symlink, and avoid sudo unless system-wide installation is necessary.
The city or location being queried is shared with Open-Meteo; the artifacts do not show credentials or local files being sent.
The code sends the requested city name to Open-Meteo geocoding, and then uses the resulting coordinates for a forecast API call. This is necessary for the stated weather lookup purpose and is disclosed in the documentation.
"https://geocoding-api.open-meteo.com/v1/search" ... params={"name": city_name, "count": 1, "language": "zh", "format": "json"}Only query locations you are comfortable sending to the weather provider.