Tempest Weather

Pass

Audited by ClawScan on May 1, 2026.

Overview

This is a coherent WeatherFlow Tempest weather integration, but users should note it uses a personal API token and may return station metadata such as exact coordinates.

Before installing, confirm you are comfortable giving the agent access to your Tempest token and station ID. The skill appears purpose-aligned and non-destructive, but its output may include exact station location metadata; remove those fields if you do not want them exposed in conversations.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If installed and configured, the agent can use the Tempest token to read the configured station's live observations and related station data.

Why it was flagged

The script uses the user's Tempest personal access token to query the WeatherFlow API. This is expected for the skill's purpose and is not hardcoded, but it is still account-linked authority.

Skill content

    parser.add_argument("--token", default=os.environ.get("TEMPEST_TOKEN"), help="API token")
    ...
    resp = requests.get(url, params={"token": token}, timeout=10)

Recommendation

Use a token intended for this integration, keep it out of shared logs or prompts, and revoke it from Tempest if you stop using the skill.

What this means

Weather responses may expose the physical location of the configured station to the agent conversation or anyone who can see the output.

Why it was flagged

The normalized output includes exact station location metadata. This comes from the Tempest API and is purpose-adjacent, but it may reveal a home or device location.

Skill content

    "latitude": data.get("latitude"),
    "longitude": data.get("longitude"),
    "timezone": data.get("timezone"),
    "elevation_m": data.get("elevation")

Recommendation

Only use this skill in contexts where returning station location metadata is acceptable, or modify the script to omit latitude and longitude if you only need weather readings.

What this means

If the user installs dependencies manually, they rely on the current package available from their Python package index.

Why it was flagged

The setup guidance references installing an unpinned Python dependency. This is not automatic and is normal for a Python-based API client, but it depends on the user's package source.

Skill content

- `curl` or `requests` (`pip install requests`)

Recommendation

Install dependencies from a trusted environment and consider pinning a known-good `requests` version if you manage this skill in a reproducible setup.