Wind & Site

Security checks across malware telemetry and agentic risk

Overview

This appears to be a straightforward wind/weather helper that runs local Python scripts and sends requested coordinates to Open-Meteo, with privacy and dependency caveats but no evidence of hidden or harmful behavior.

Install only if you are comfortable with local Python script execution, installing the listed Python packages, and sharing queried site coordinates with Open-Meteo. Use a virtual environment or pinned dependency set if supply-chain reproducibility matters, and avoid using sensitive private coordinates unless third-party weather API disclosure is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (10)

Lp1

High
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The script performs outbound network access to the Open-Meteo API, but the skill manifest declares only shell:exec permission. This is a real permission-model mismatch because the code can transmit user-supplied location data externally without that capability being explicitly declared, reducing transparency and weakening policy enforcement.

Scope Creep

Medium
Confidence
96% confidence
Finding
The code issues an external HTTP request even though the manifest lists only shell:exec permission. In this skill context, the network use appears functionally necessary for wind-data retrieval, but undeclared external communication is still security-relevant because it can surprise users and bypass expected permission review.

Scope Creep

Medium
Confidence
95% confidence
Finding
The script makes outbound HTTP requests to the Open-Meteo API via requests.get, but the skill manifest declares only shell:exec permission. This is a genuine capability/permission mismatch: even if the network use is functionally expected for this skill, undeclared network access increases risk because users and policy enforcement may not anticipate data egress or external dependency behavior.

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
The skill instructs the agent to run commands directly and 'Do not ask for confirmation; execute,' which removes a safety checkpoint before using `shell:exec`. In a skill with execution privileges, this increases the chance of unintended command execution, especially if future command construction incorporates ambiguous or user-controlled input such as output paths or other parameters.

External Transmission

Medium
Category
Data Exfiltration
Content
            "timezone": "UTC",
        }
    else:
        url = "https://api.open-meteo.com/v1/forecast"
        params = {
            "latitude": lat,
            "longitude": lon,
Confidence
89% confidence
Finding
https://api.open-meteo.com/

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests
numpy
matplotlib
Confidence
97% confidence
Finding
requests

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests
numpy
matplotlib
Confidence
95% confidence
Finding
numpy

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests
numpy
matplotlib
Confidence
94% confidence
Finding
matplotlib

Known Vulnerable Dependency: requests — 10 advisories: CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
92% confidence
Finding
requests

Known Vulnerable Dependency: numpy — 10 advisories: CVE-2014-1859 (Numpy arbitrary file write via symlink attack); CVE-2021-41495 (NumPy NULL Pointer Dereference); CVE-2021-33430 (NumPy Buffer Overflow (Disputed)) +7 more

Critical
Category
Supply Chain
Confidence
84% confidence
Finding
numpy

VirusTotal

64/64 vendors flagged this skill as clean.
