Weather Api 1
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may share construction site coordinates and requested forecast or historical date ranges with Open-Meteo.
The skill discloses that it calls an external weather provider using latitude and longitude. This is expected for weather data, but site coordinates can be sensitive business information.
OPEN_METEO_BASE = "https://api.open-meteo.com/v1" ... params = { 'latitude': latitude, 'longitude': longitude, ... }Use only coordinates you are comfortable sending to the external weather provider, and avoid entering sensitive project details beyond what is needed for the weather query.
The package metadata may be stale or inconsistent, which can make it harder to confirm the exact published version.
The registry metadata lists version 1.0.1, while _meta.json lists version 1.0.0. This is a minor packaging/provenance inconsistency, not evidence of malicious behavior.
"slug": "weather-api-1", "version": "1.0.0"
Confirm you are installing the intended package/version from the registry, especially if the skill is later updated with executable files.