Skill v1.2.2
ClawScan security
QWeather China · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Apr 12, 2026, 11:40 PM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to implement a China-focused QWeather client and requests the expected private-key/JWT config, but there are metadata inconsistencies (registry metadata vs SKILL.md) and packaging/install gaps you should review before trusting sensitive credentials.
- Guidance: This package largely looks like a legitimate QWeather client, but there are a few red flags to check before installing or providing credentials:
  - Resolve metadata mismatch: the registry summary showed no required env vars while SKILL.md requires QWEATHER_API_HOST, QWEATHER_PROJECT_ID, QWEATHER_CREDENTIALS_ID and QWEATHER_PRIVATE_KEY_PATH. Confirm which is authoritative.
  - Inspect install.sh / install.bat before running. Look for network downloads, pip installs, or commands that change system files or permissions.
  - Review qweather.py and install scripts to ensure they only call qweatherapi endpoints and do not exfiltrate data to other domains. SKILL.md declares network endpoints limited to *.qweatherapi.com; confirm the code adheres to that.
  - Protect your private key: use a dedicated key with least privilege, store it at the indicated path (~/.config/qweather/private.pem) with 600 permissions, and do not reuse OpenClaw/agent keys.
  - If you want higher assurance, ask the publisher for a public git repository/commit history and a simple README showing the exact runtime env variables used; or run the code in an isolated environment/container and monitor outbound connections when exercising the skill.
  Given the metadata inconsistencies and presence of installer scripts (but otherwise coherent purpose), treat this as suspicious until you validate the items above.
Review Dimensions
- Purpose & Capability (note): The name/description (QWeather China) align with the code and runtime instructions: the skill uses a QWeather API client, handles locations, caching, and produces weather outputs. However, the registry metadata at the top of the submission lists no required environment variables while the included SKILL.md explicitly requires QWEATHER_API_HOST, QWEATHER_PROJECT_ID, QWEATHER_CREDENTIALS_ID and QWEATHER_PRIVATE_KEY_PATH, an inconsistency in declared requirements that should be resolved.
- Instruction Scope (ok): SKILL.md and the Python sources limit behavior to weather-related actions: reading config (~/.config/qweather/config.json), reading the private key (~/.config/qweather/private.pem), writing/reading cache (~/.cache/qweather) and calling qweatherapi endpoints. The docs explicitly disallow web_search and call out the needed files. Some comments mention reading a 'memory' (MEMORY.md) for a remembered city, but the code shown does not perform broad arbitrary file collection; still verify any memory-reading code before install.
- Install Mechanism (note): No formal install spec was provided to the platform (the skill is marked as having 'No install spec / instruction-only'), yet the bundle includes many source files and install.sh/install.bat scripts. That is not necessarily malicious, but you should inspect install.sh / install.bat for network downloads or commands executed with elevated privileges before running them. There is no evidence of downloads from arbitrary servers in the provided metadata, but the presence of installer scripts increases the importance of manual review.
- Credentials (note): The environment variables declared in SKILL.md (API host, project id, credentials id, private key path) are expected for JWT-based QWeather API access and are proportional to the skill's purpose. These are sensitive (private key path and credential identifiers). The top-level registry metadata omitted these env vars, creating an information mismatch; verify which envs the runtime actually reads and avoid supplying unrelated credentials. The skill restricts network endpoints to *.qweatherapi.com in metadata, which is appropriate.
- Persistence & Privilege (ok): The skill does not request always:true and is user-invocable with normal autonomous invocation allowed (platform default). It requests read access to its own config/private key and read/write cache in ~/.cache/qweather, scopes that are reasonable for this client. It does not declare or appear to modify other skills or system-wide agent settings.
