Weather TV style

Pass

Audited by VirusTotal on May 10, 2026.

Overview

Type: OpenClaw Skill
Name: weather-infographic
Version: 1.0.2

The skill is designed to generate a weather infographic using the Gemini API and Open-Meteo weather data. It requires a `GEMINI_API_KEY` (declared in `SKILL.md`), installs standard Python dependencies (`google-generativeai`, `requests`), fetches weather data from a legitimate public API (`api.open-meteo.com`), and saves the generated image locally. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection against the OpenClaw agent. The prompts constructed for the Gemini model are for image generation and do not contain harmful instructions.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the install command outside an isolated environment could change or break existing Python packages on the user's system.

Why it was flagged

The dependency install is disclosed and related to the skill, but it upgrades unpinned packages and uses --break-system-packages, which can alter a user's Python environment more broadly than a virtual environment install.

Skill content

"command":"pip install -U google-generativeai requests --break-system-packages"

Recommendation

Install dependencies in a virtual environment and prefer pinned package versions without --break-system-packages when possible.

What this means

The skill can consume Gemini API quota or billing associated with the provided key.

Why it was flagged

The skill uses the user's Gemini API key to generate images. This is expected for the stated purpose and no hardcoded, logged, or unrelated credential handling is shown.

Skill content

api_key = os.environ.get("GEMINI_API_KEY") ... client = genai.Client(api_key=api_key, http_options={'api_version': 'v1alpha'})

Recommendation

Use a dedicated or limited-scope Gemini API key if available, and monitor API usage.

What this means

Specific addresses or coordinates may leave the local environment and be processed by external services.

Why it was flagged

Coordinates are sent to Open-Meteo for weather data, and the address is included in prompts sent to Gemini for image generation. These external calls are purpose-aligned and disclosed by the skill's weather/image-generation purpose.

Skill content

OPEN_METEO_URL = "https://api.open-meteo.com/v1/forecast" ... "latitude": lat, "longitude": lon ... bg_prompt = f"Generate ... landscape photograph of {address} during {season}."

Recommendation

Only use addresses or coordinates you are comfortable sending to Open-Meteo and Google Gemini; use a less precise location if privacy is a concern.