Tempest Weather
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: tempest-weather Version: 1.1.0 The OpenClaw skill 'tempest-weather' is benign. The `get_tempest_weather.py` script correctly fetches weather data from the hardcoded WeatherFlow Tempest REST API (`https://swd.weatherflow.com/swd/rest`) using `urllib.request`. It handles API tokens securely by expecting them from environment variables or CLI arguments and redacting them in output URLs. The `SKILL.md` and `README.md` provide clear, functional instructions for the AI agent and do not contain any prompt injection attempts or directives for malicious actions. The `package_clean.sh` script is a standard build script that uses `rsync` to clean the package and calls the OpenClaw framework's `package_skill.py`.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can use your Tempest token to read weather observations and historical stats for the configured station/device.
The skill requires a Tempest API token and station/device identifiers to access the user's Tempest data. This is expected for the stated WeatherFlow integration, but it is still credential-based account access.
`TEMPEST_API_TOKEN` (required) ... `TEMPEST_STATION_ID` ... `TEMPEST_DEVICE_ID`
Use a Tempest token intended for this purpose, keep it in environment configuration rather than sharing it in prompts, and rotate it if it is exposed.
You may have less assurance that the packaged artifacts exactly match the public repository.
The registry metadata does not identify a verified source, although it provides a project homepage. This is a provenance note, not evidence of malicious behavior.
Source: unknown; Homepage: https://github.com/wranglerdriver/tempest-weather
If provenance matters, compare the installed skill files with the linked repository before trusting it with your API token.