ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Climate

Climate - command-line tool for everyday use

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 43 · 0 current installs · 0 all-time installs
bybytesagain4@xueyetianya
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims a configurable data directory via CLIMATE_DIR in SKILL.md, but the included script hard-codes DATA_DIR='${HOME}/.local/share/climate' and never reads CLIMATE_DIR. Also the registry metadata version (1.0.2) does not match the SKILL.md/script version (2.0.0). These mismatches suggest the packaging or documentation is out of sync with the code.
Instruction Scope
SKILL.md describes only local CLI operations (stats, export, search, logs). The script implements those functions and operates solely on files under the user data directory; it does not call network endpoints. However SKILL.md and script diverge on CLIMATE_DIR behavior, and the SKILL.md gives external support links (bytesagain.com) that the script does not use.
Install Mechanism
No install spec is provided (instruction-only), which is low risk; there is a bundled script file but nothing in the metadata attempts to download or execute remote code during install.
Credentials
The skill declares no required environment variables or credentials. SKILL.md advertises CLIMATE_DIR to change the data directory, but the script ignores that variable — an inconsistency but not a secret-exfiltration risk.
Persistence & Privilege
always is false and there are no privileged operations. The script writes and reads files under ~/.local/share/climate, which is appropriate for a local CLI tool. No system-wide config or other skills' credentials are accessed.
What to consider before installing
This skill mostly matches its stated purpose (a local CLI that logs to your home directory) and does not perform network I/O, but there are a few red flags to consider before installing: - Documentation vs code mismatch: SKILL.md says you can set CLIMATE_DIR, but the included script ignores that and always uses ~/.local/share/climate. If you need data in a different location this will not work as advertised. - Version mismatch: registry metadata lists version 1.0.2 while SKILL.md and the script report v2.0.0. That could mean the package is outdated, incorrectly published, or the files don’t match the registry entry. - Data export issues: the script writes JSON/CSV by simple string formatting without escaping user-supplied values; exporting data that contains quotes, commas, or control characters may produce malformed output. Recommendations: - If you want this tool, ask the author (or maintainer) to confirm which version is authoritative and to update the script to honor CLIMATE_DIR or update the docs. - Inspect the remainder of the script (it was truncated in the bundle) to ensure there are no hidden network calls or commands invoked later. - Run the tool in an isolated environment (or sandbox user account) first to verify behavior and to ensure it only writes under your home directory. - Do not grant any extra credentials or system privileges to the skill; it should run as a normal user and only need access to its data directory. If the author confirms the mismatches are benign (docs out-of-date) and the rest of the script contains no network calls, the skill is probably fine for local use. If the author cannot explain the inconsistencies, treat the package as untrustworthy and avoid installing it.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.2
Download zip
latestvk97c4fktfe4frjqvywhrnwx2wh830gt6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Climate

Climate data toolkit — temperature trends, carbon tracking, weather patterns, and reports.

Commands

CommandDescription
climate helpShow usage info
climate runRun main task
climate statusCheck state
climate listList items
climate add <item>Add item
climate export <fmt>Export data

Usage

climate help
climate run
climate status

Examples

climate help
climate run
climate export json

Output

Results go to stdout. Save with climate run > output.txt.

Configuration

Set CLIMATE_DIR to change data directory. Default: ~/.local/share/climate/

Powered by BytesAgain | bytesagain.com Feedback & Feature Requests: https://bytesagain.com/feedback

Features

  • Simple command-line interface for quick access
  • Local data storage with JSON/CSV export
  • History tracking and activity logs
  • Search across all entries
  • Status monitoring and health checks
  • No external dependencies required

Quick Start

# Check status
climate status

# View help and available commands
climate help

# View statistics
climate stats

# Export your data
climate export json

How It Works

Climate stores all data locally in ~/.local/share/climate/. Each command logs activity with timestamps for full traceability. Use stats to see a summary, or export to back up your data in JSON, CSV, or plain text format.

Support

Powered by BytesAgain | bytesagain.com

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…