External Transmission
Medium
- Category
- Data Exfiltration
- Content
### Current Weather ```bash curl -s "https://api.openmeteo-api.com/api/current?location=CITY" ``` ### Multi-Day Forecast
- Confidence
- 95% confidence
- Finding
- https://api.openmeteo-api.com/
Weather Forecast Premium
Security checks across malware telemetry and agentic risk
Overview
This is a coherent weather lookup skill that openly sends requested locations to a third-party weather wrapper and upstream providers.
Install only if you are comfortable sending weather locations to api.openmeteo-api.com and its upstream providers. Avoid precise sensitive locations when not needed, and ensure the agent encodes location text safely before running the curl examples.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (9)
External Transmission
Medium
- Category
- Data Exfiltration
- Content
### Multi-Day Forecast ```bash curl -s "https://api.openmeteo-api.com/api/forecast?location=CITY&days=5" ``` ### Air Quality
- Confidence
- 95% confidence
- Finding
- https://api.openmeteo-api.com/
External Transmission
Medium
- Category
- Data Exfiltration
- Content
### Air Quality ```bash curl -s "https://api.openmeteo-api.com/api/air-quality?location=CITY" ``` ### UV Index
- Confidence
- 95% confidence
- Finding
- https://api.openmeteo-api.com/
External Transmission
Medium
- Category
- Data Exfiltration
- Content
### UV Index ```bash curl -s "https://api.openmeteo-api.com/api/uv?location=CITY" ``` ### Severe Weather Alerts
- Confidence
- 95% confidence
- Finding
- https://api.openmeteo-api.com/
External Transmission
Medium
- Category
- Data Exfiltration
- Content
### Severe Weather Alerts ```bash curl -s "https://api.openmeteo-api.com/api/alerts?location=CITY" ``` ### Quick One-Liner
- Confidence
- 95% confidence
- Finding
- https://api.openmeteo-api.com/
External Transmission
Medium
- Category
- Data Exfiltration
- Content
### Quick One-Liner ```bash curl -s "https://api.openmeteo-api.com/api/quick?location=CITY" ``` ## About This API
- Confidence
- 95% confidence
- Finding
- https://api.openmeteo-api.com/
External Transmission
Medium
- Category
- Data Exfiltration
- Content
- **Upstream sources**: All weather data originates from [open-meteo.com](https://open-meteo.com) (free, open-source) and [wttr.in](https://wttr.in). This wrapper does not generate any weather data itself. - **Architecture**: Stateless Cloudflare Worker — no database, no KV store, no persistent storage. Requests are proxied to upstream APIs in real time. - **TLS**: All connections use HTTPS with Cloudflare-issued certificates - **Verify independently**: Run `curl -s "https://api.openmeteo-api.com/api/current?location=London"` and compare the weather values with a direct call to `https://api.open-meteo.com/v1/forecast?latitude=51.51&longitude=-0.13¤t=temperature_2m` — they will match because the data comes from the same upstream source. ## Verify It Yourself
- Confidence
- 89% confidence
- Finding
- https://api.openmeteo-api.com/
External Transmission
Medium
- Category
- Data Exfiltration
- Content
- **Upstream sources**: All weather data originates from [open-meteo.com](https://open-meteo.com) (free, open-source) and [wttr.in](https://wttr.in). This wrapper does not generate any weather data itself. - **Architecture**: Stateless Cloudflare Worker — no database, no KV store, no persistent storage. Requests are proxied to upstream APIs in real time. - **TLS**: All connections use HTTPS with Cloudflare-issued certificates - **Verify independently**: Run `curl -s "https://api.openmeteo-api.com/api/current?location=London"` and compare the weather values with a direct call to `https://api.open-meteo.com/v1/forecast?latitude=51.51&longitude=-0.13¤t=temperature_2m` — they will match because the data comes from the same upstream source. ## Verify It Yourself
- Confidence
- 89% confidence
- Finding
- https://api.open-meteo.com/
External Transmission
Medium
- Category
- Data Exfiltration
- Content
You can test the API directly before installing: ```bash curl -s "https://api.openmeteo-api.com/api/current?location=London" ``` Expected response (JSON):
- Confidence
- 94% confidence
- Finding
- https://api.openmeteo-api.com/
VirusTotal
66/66 vendors flagged this skill as clean.