Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the included Python implementation: it fetches data from weather.com.cn, parses forecasts and optional life indices, and uses a local citys.txt as a cache. No unrelated capabilities (cloud credentials, crypto, elevated system access) are requested.
Instruction Scope
SKILL.md instructs running python weather.py and provides curl/agent-browser fallbacks — all aligned with weather lookup. The runtime code performs network requests to weather.com.cn (and the toy1 search endpoint) and will append new city codes to citys.txt in the same directory. Note: the skill reads and may write this local file (append mode).
Install Mechanism
No install spec, no external package downloads or binaries; the skill is instruction+script only and uses only the Python standard library (urllib, HTMLParser).
Credentials
The skill declares no required environment variables, credentials, or config paths. The code does not attempt to read extraneous env vars or secret stores.
Persistence & Privilege
always:false and no automatic system-wide changes. The only persistence is appending discovered city_name,city_code lines to citys.txt in the skill directory (documented behavior). This requires write permission to that directory but does not modify other files or system settings.
Assessment
This tool appears to do what it says: fetch weather pages from weather.com.cn, parse them, and cache discovered city codes in a local citys.txt file. It does not request API keys or other secrets. Consider these practical points before installing: (1) network access is required to weather.com.cn (and optional fallbacks like open-meteo/wttr.in); (2) the script will append queried city names/codes to citys.txt in the same folder — if you run it from a sensitive directory it will attempt to write there; (3) city names come from user input and are written to the cache without sanitization (low risk, but you may prefer to run in a dedicated directory or inspect the file periodically); (4) no third‑party packages are installed. If you need extra assurance, review the full weather.py file locally or run the script in a sandboxed environment before granting it broader access.Like a lobster shell, security has layers — review code before you run it.
latestvk970tmrvfztvqmwswy7yvd3sc583ax6f
License
MIT-0
Free to use, modify, and redistribute. No attribution required.