Weather data loader (both history and forecast)
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill appears coherent and benign: it fetches weather data from disclosed Open-Meteo endpoints, with normal package-install and location-sharing considerations.
This skill is reasonable for fetching weather data. Before installing, note that it uses Python dependencies from pip and sends queried locations or coordinates to Open-Meteo; there is no evidence of credential use, persistence, destructive behavior, or hidden data collection.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill dependencies may install newer package versions than the author tested.
The skill depends on third-party Python packages with broad lower-bound version ranges. These are common and purpose-aligned, but users should notice that installation pulls packages from the Python package ecosystem without exact version pinning.
pandas>=2.0.0 requests>=2.31.0
Install in a virtual environment and review or pin dependency versions if reproducibility is important.
Locations or coordinates you ask about may be shared with Open-Meteo to fetch results.
A user-provided place name is sent to Open-Meteo's geocoding API. This external data flow is disclosed and necessary for the skill, but it means location queries leave the local environment.
params = {"name": location, "count": 1}
response = requests.get(LATLON_ENDPOINT, params=params)Only query locations you are comfortable sending to the weather provider; use approximate coordinates or less specific place names if desired.