Weather Api 1
PassAudited by ClawScan on May 1, 2026.
Overview
This weather skill appears purpose-aligned and benign, with only minor notes about using an external weather API and inconsistent package metadata.
This skill looks safe for its stated purpose. Before using it, be aware that weather lookups require sending site coordinates to Open-Meteo, and check the package version if you need strict provenance tracking.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may share construction site coordinates and requested forecast or historical date ranges with Open-Meteo.
The skill discloses that it calls an external weather provider using latitude and longitude. This is expected for weather data, but site coordinates can be sensitive business information.
OPEN_METEO_BASE = "https://api.open-meteo.com/v1" ... params = { 'latitude': latitude, 'longitude': longitude, ... }Use only coordinates you are comfortable sending to the external weather provider, and avoid entering sensitive project details beyond what is needed for the weather query.
The package metadata may be stale or inconsistent, which can make it harder to confirm the exact published version.
The registry metadata lists version 1.0.1, while _meta.json lists version 1.0.0. This is a minor packaging/provenance inconsistency, not evidence of malicious behavior.
"slug": "weather-api-1", "version": "1.0.0"
Confirm you are installing the intended package/version from the registry, especially if the skill is later updated with executable files.