ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Mars Weather AI

v1.0.0

Get current weather and forecasts (no API key required).

0· 60·0 current·0 all-time
by@mars82311111·duplicate of @99percentgod/weather-1-0-0
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill is named and published as 'Mars Weather AI' but the SKILL.md and examples call the skill 'weather' and only show Earth-weather endpoints (wttr.in and Open‑Meteo). The registry metadata (slug ownerId) differs from the _meta.json contents (different ownerId and slug), which is an incoherence in identity/branding.
Instruction Scope
SKILL.md contains only concrete curl examples against public endpoints (wttr.in and api.open-meteo.com). There are no instructions to read local files, inspect environment variables, or send data to unexpected endpoints beyond the documented services.
Install Mechanism
No install spec and no code files — instruction-only. This is low-risk: nothing is downloaded or written to disk by the skill itself (examples do show saving a PNG to /tmp as a usage example, which is benign).
Credentials
The skill requires only curl and declares no environment variables or credentials, which is proportionate for making web requests to public weather services.
Persistence & Privilege
Default invocation settings (not always, agent-invocable) are used. The skill does not request elevated or persistent system privileges.
What to consider before installing
This appears to be a simple Earth-weather helper that uses wttr.in and Open‑Meteo via curl. However, the skill name and some registry metadata do not match the contained SKILL.md ("Mars Weather AI" vs examples for Earth cities; mismatched ownerId/slug). If you expected Mars-specific data, this skill is not that. If you still want to install it, verify the publisher (ownerId) and confirm the intended purpose. Also remember that using the skill will cause your agent to make outbound requests to wttr.in and open-meteo with whatever location you pass — avoid sending sensitive or precise personal-location data unless you trust those services.

Like a lobster shell, security has layers — review code before you run it.

aivk972gdgbcr8t2agzyq2cg4grs183zd4bforecastvk972gdgbcr8t2agzyq2cg4grs183zd4blatestvk972gdgbcr8t2agzyq2cg4grs183zd4bweathervk972gdgbcr8t2agzyq2cg4grs183zd4b

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🌤️ Clawdis
Binscurl

Comments