ClawHub

OpenWeatherMap Weather

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward weather skill that uses OpenWeatherMap as disclosed and does not include hidden code or installation behavior.

Install only if you are comfortable sharing weather query locations with OpenWeatherMap and providing an API key. Prefer city-level queries over precise coordinates when possible, and use a dedicated API key that can be rotated if exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

External Transmission

Medium
Category
Data Exfiltration
Content
### By City Name
```
GET https://api.openweathermap.org/data/2.5/weather?q={city},{country_code}&appid={API_KEY}&units={units}
```

### By Coordinates
Confidence
89% confidence
Finding
https://api.openweathermap.org/

External Transmission

Medium
Category
Data Exfiltration
Content
### By Coordinates
```
GET https://api.openweathermap.org/data/2.5/weather?lat={lat}&lon={lon}&appid={API_KEY}&units={units}
```

### Parameters
Confidence
89% confidence
Finding
https://api.openweathermap.org/

External Transmission

Medium
Category
Data Exfiltration
Content
## Forecast API (5 Day / 3 Hour)

```
GET https://api.openweathermap.org/data/2.5/forecast?q={city}&appid={API_KEY}&units=imperial
```

Returns forecast data in 3-hour intervals for 5 days.
Confidence
86% confidence
Finding
https://api.openweathermap.org/

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal