ClawHub

Aemet

v1.0.3

Weather alerts and forecasts from AEMET OpenData for Spain

0· 49·0 current·0 all-time
by@pablomartinezcrespo
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (AEMET weather/alerts) match the included shell script and README: the script queries AEMET OpenData endpoints, parses XML/JSON, and caches results. There are no unrelated credentials, binaries, or third-party services requested that would be out-of-scope for a weather skill.
Instruction Scope
SKILL.md instructs the agent to store a single AEMET API key in ~/.openclaw/credentials and to install common CLI deps (curl, jq, xmllint). The runtime script only reads that API key and manages caches under ~/.openclaw/cache and workspace/skills/aemet. It does not attempt to read other system credentials or contact endpoints outside AEMET's API.
Install Mechanism
This is an instruction-only skill with a bundled shell script (no external download/install spec). The script makes network requests only to AEMET OpenData URLs. The SKILL.md suggests installing packages via apt (Debian/Ubuntu), which is a platform assumption but not a hidden or high-risk install mechanism.
Credentials
No environment variables or unrelated secrets are requested. The skill asks the user to place a single AEMET API key in a local file (~/.openclaw/credentials/aemet-api-key.txt) and uses that key solely to call AEMET endpoints. Cache files are kept under ~/.openclaw/cache, which is proportionate to the stated caching behavior.
Persistence & Privilege
The skill is not set to always:true and does not declare elevated privileges. It writes only its own cache and uses its own workspace paths; it does not modify other skills or global agent configuration.
Assessment
This skill appears to be what it claims: a wrapper around the AEMET OpenData API. Before installing, verify you are comfortable storing your AEMET API key at ~/.openclaw/credentials/aemet-api-key.txt (the script will read that file and send the key to api.aemet.es as part of normal API calls). Review the bundled aemet.sh yourself if you have concerns — it is short and readable and only accesses ~/.openclaw paths. Note that the SKILL.md suggests installing dependencies via apt (Debian/Ubuntu); on other OSes you must install equivalent packages. There are minor documentation inconsistencies (e.g., differing stated rate limits between README and SKILL.md), but these are informational rather than malicious. If you want extra safety, run the script in a restricted environment (container or limited user account) and do not place other credentials in the ~/.openclaw directory.

Like a lobster shell, security has layers — review code before you run it.

latestvk9700dfht4ev60f9ewq07bttss847atw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments