Weather TV style

Pass. Audited by ClawScan on May 1, 2026.

Overview

The skill matches its advertised purpose, but users should notice that it sends location details to external weather/image services and has a disclosed dependency install command that can affect the Python environment.

This skill appears safe for its stated purpose. Before installing, use a virtual environment for the dependency install, provide a Gemini API key you are comfortable using for image generation, and avoid entering exact private addresses unless you are comfortable sharing them with the external services used.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the install command outside an isolated environment could change or break existing Python packages on the user's system.

Why it was flagged

The dependency install is disclosed and related to the skill, but it upgrades unpinned packages and uses --break-system-packages, which can alter a user's Python environment more broadly than a virtual environment install.

Skill content

"command":"pip install -U google-generativeai requests --break-system-packages"

Recommendation

Install dependencies in a virtual environment and prefer pinned package versions without --break-system-packages when possible.

What this means

The skill can consume Gemini API quota or billing associated with the provided key.

Why it was flagged

The skill uses the user's Gemini API key to generate images. This is expected for the stated purpose and no hardcoded, logged, or unrelated credential handling is shown.

Skill content

api_key = os.environ.get("GEMINI_API_KEY") ... client = genai.Client(api_key=api_key, http_options={'api_version': 'v1alpha'})

Recommendation

Use a dedicated or limited-scope Gemini API key if available, and monitor API usage.

What this means

Specific addresses or coordinates may leave the local environment and be processed by external services.

Why it was flagged

Coordinates are sent to Open-Meteo for weather data, and the address is included in prompts sent to Gemini for image generation. These external calls are consistent with, and disclosed as part of, the skill's weather and image-generation purpose.

Skill content

OPEN_METEO_URL = "https://api.open-meteo.com/v1/forecast" ... "latitude": lat, "longitude": lon ... bg_prompt = f"Generate ... landscape photograph of {address} during {season}."

Recommendation

Only use addresses or coordinates you are comfortable sending to Open-Meteo and Google Gemini; use a less precise location if privacy is a concern.