Google Weather
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears to be a straightforward Google Weather helper, but it uses local command execution, a Google API key, and sends requested locations to Google APIs.
This looks reasonable for a weather skill. Before installing, make sure you are comfortable providing a Google API key and sending queried locations to Google, and use a restricted API key with quotas where possible.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can run the weather helper locally when using this skill.
The skill permits local command execution, which is used to run the bundled weather helper.
allowed-tools: [exec]
Install only if you are comfortable with the agent invoking the included Python helper, and avoid asking it to run modified shell commands outside the documented examples.
The skill can use the configured Google API key and may incur API usage or billing according to that key's permissions.
The helper reads Google API credentials from environment variables so it can call Google Weather and Maps APIs.
self.api_key = os.getenv("GOOGLE_API_KEY") or os.getenv("GOOGLE_WEATHER_API_KEY") or os.getenv("GOOGLE_MAPS_API_KEY")Use a Google API key scoped to only the needed Weather and Geocoding APIs, with quota and billing limits where possible.
Locations, addresses, landmarks, or coordinates you ask about may be shared with Google as part of the weather lookup.
The helper sends requested locations to Google's Geocoding API before calling the Weather API.
self.geocode_url = "https://maps.googleapis.com/maps/api/geocode/json"
Avoid entering sensitive private addresses unless you are comfortable sending them to Google APIs.