ClawHub

Caiyun Weather

v1.1.0

通过彩云天气 API 查询天气数据 — 实时天气、逐小时/一周预报、历史天气和天气预警。当用户询问任何城市的天气、温度、空气质量、天气预报、降雨概率、历史天气或天气预警时使用此技能。需要设置 CAIYUN_WEATHER_API_TOKEN 环境变量。Use when: user asks about curre...

1· 514·7 current·7 all-time
byJeff@tjefferson
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Caiyun weather) match the actual behavior. Requested binary (python3) and required env var (CAIYUN_WEATHER_API_TOKEN) are appropriate and expected for calling the Caiyun Weather API. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md directs the agent to run the included Python script which performs only weather-related operations. The script makes outbound HTTPS requests to Caiyun (API_BASE) and uses Nominatim/OpenStreetMap as a geocoding fallback; this is expected but means user queries and coordinates will be sent to those external services. The instructions do not attempt to read local files or other env vars beyond the declared token.
Install Mechanism
No install spec — instruction-only with an included Python script. No external installers or downloads are performed. This has minimal install risk; the only runtime requirement is python3 being present.
Credentials
Only CAIYUN_WEATHER_API_TOKEN is required and is used as the primary credential. That is proportionate for this skill. Note: the token is included in request URLs to the Caiyun API and will be sent over the network to the Caiyun service.
Persistence & Privilege
The skill does not request permanent/always presence and does not modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but not combined with any elevated privileges.
Assessment
This skill appears to do what it says: it runs a bundled Python script that calls Caiyun's API and, if needed, OpenStreetMap's Nominatim for geocoding. Before installing: (1) Be aware your queries/coordinates and the CAIYUN_WEATHER_API_TOKEN will be sent to Caiyun (token appears in the request URL) and geocoding queries go to OpenStreetMap—only install if you trust those services. (2) Store a token with least privilege and consider rotating it if leaked. (3) Watch rate limits and avoid frequent automated requests. (4) You can inspect the included script (scripts/caiyun_weather.py) — it contains no obfuscated code or hidden endpoints. If you need stronger privacy, avoid supplying precise coordinates or use a local/geolocation service you control.

Like a lobster shell, security has layers — review code before you run it.

latestvk974ttvxmz5e2rp5tcjnjxwvd181zm5k

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3
EnvCAIYUN_WEATHER_API_TOKEN
Primary envCAIYUN_WEATHER_API_TOKEN

Comments