KnowAir Minutely (Minute-Level Precipitation)

Pass. Audited by ClawScan on May 1, 2026.

Overview

This skill appears to do what it claims: query Caiyun’s weather API for short-term precipitation forecasts using a user-provided API token and coordinates.

Before installing, confirm you are comfortable giving the skill access to a Caiyun API token and sending queried coordinates to Caiyun’s API. The included code is small and purpose-aligned, with no evidence of hidden persistence, destructive actions, or unrelated data access.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may run a local Python command to call the weather API.

Why it was flagged

The skill permits Python commands through Bash, which is needed to run the included weather-query script but is broader than a single fixed command.

Skill content

allowed-tools: ["Bash(python3:*)", "Read"]

Recommendation

Use it for the documented script invocation and review any unexpected Python command before allowing it.

What this means

Your Caiyun API token and requested coordinates are sent to Caiyun to retrieve the forecast.

Why it was flagged

The script reads a Caiyun API token from the environment or a clearly named local config file and uses it to authenticate to the Caiyun API.

Skill content

token = os.environ.get("CAIYUN_TOKEN") ... config_path = os.path.expanduser("~/.config/knowair/token") ... url = f"{API_BASE}/{token}/{args.lng},{args.lat}/minutely?lang={args.lang}"

Recommendation

Provide a token intended for Caiyun Weather API use, and avoid using the skill for locations you do not want sent to that provider.