Weather
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This weather skill is coherent and benign; it uses curl to query public weather services, so requested locations are sent to those services.
This skill appears safe for normal weather lookups. Before using it, remember that the location you ask about is sent to wttr.in or Open-Meteo; avoid precise home coordinates if that matters to you.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Weather queries may reveal the requested city, airport code, or coordinates to wttr.in or Open-Meteo.
The skill relies on curl to send user-selected location queries to external weather services. This is purpose-aligned and disclosed, but users should understand the network disclosure.
curl -s "wttr.in/London?format=3" ... curl -s "https://api.open-meteo.com/v1/forecast?latitude=51.5&longitude=-0.12¤t_weather=true"
Use coarse locations such as city names or airport codes if you do not want to share precise coordinates.