weather

Pass

Audited by ClawScan on May 1, 2026.

Overview

This skill is a straightforward weather lookup that runs an included Python script and queries Open-Meteo; no credential use, persistence, or data-changing behavior is shown.

This looks safe for ordinary weather queries. Be aware that it runs a local Python script, may ask you to install the common `requests` package if absent, and sends the city name you ask about to Open-Meteo.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill will execute local Python code when used, but the shown command is scoped to the included weather script and passes the city input safely via stdin.

Why it was flagged

The skill explicitly asks the agent to use Bash to run an included Python helper script. This is disclosed and central to the weather-query purpose.

Skill content

allowed-tools: Bash ... printf '%s\n' "$ARGUMENTS" | python3 "scripts/weather.py"

Recommendation

Install only if you are comfortable running the included Python script, and review future updates before use.

What this means

A user may need to install an external Python package before the skill works.

Why it was flagged

The script requires the third-party `requests` package and suggests a manual pip install if it is missing, while the registry metadata lists no required binaries or install spec.

Skill content

except ImportError: ... print("  pip install requests")

Recommendation

Prefer a declared, pinned dependency or install instructions from the skill publisher before installing missing packages.

What this means

The weather service can see the city or place name being queried, but no credentials or local files are shown being sent.

Why it was flagged

The skill sends the requested city name to Open-Meteo for geocoding and later queries the Open-Meteo forecast API for current weather.

Skill content

url = "https://geocoding-api.open-meteo.com/v1/search" ... response = requests.get(url, params=params, timeout=10)

Recommendation

Avoid entering sensitive private locations if you do not want them shared with the weather API provider.