彩云天气 / Caiyun Weather
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: caiyun-weather Version: 1.2.0 The skill is a legitimate weather query tool using the Caiyun Weather API. It uses standard Python libraries to fetch data from official endpoints (api.caiyunapp.com) and OpenStreetMap (nominatim.openstreetmap.org) for geocoding, with no evidence of data exfiltration, malicious execution, or prompt injection in scripts/caiyun_weather.py or SKILL.md.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can use the configured Caiyun Weather API token when answering weather questions.
The skill requires an API credential to access Caiyun Weather, which is expected for its stated purpose but still gives the agent use of that API key and its quota.
Requires CAIYUN_WEATHER_API_TOKEN.
Use a dedicated, low-risk Caiyun API token if possible, avoid sharing the token in chats, and monitor API usage or quota.
City names or coordinates used in weather queries may be sent to external services.
The script sends weather requests to Caiyun and sends non-built-in city names to OpenStreetMap Nominatim for geocoding; this is disclosed and purpose-aligned, but it is an external data flow.
API_BASE = "https://api.caiyunapp.com/v2.6" ... "https://nominatim.openstreetmap.org/search?q={encoded}&format=json&limit=1"Avoid querying highly sensitive precise locations if that privacy exposure matters; use built-in city names or manually supplied coordinates when appropriate.