Back to skill
Skillv1.0.3
VirusTotal security
skills-weather · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:03 AM
- Hash
- 6bef435fabb8740ef71f62b68115b0315dfffd51fbb26af74bd478ced0d9525f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: skills-weather Version: 1.0.3 The skill bundle is classified as suspicious due to the explicit allowance for a user-controlled configuration file path via the `-f` parameter and `SKILLS_WEATHER_CONFIG_FILE_PATH` environment variable, as described in `SKILL.md`. While this is a legitimate feature, it represents a common vulnerability vector (e.g., Local File Inclusion or Arbitrary File Read) if the underlying skill code does not properly sanitize or validate the provided path. This constitutes a risky capability without clear malicious intent in the provided documentation, aligning with the 'suspicious' classification for potential vulnerabilities.
- External report
- View on VirusTotal