Swiss-Weather
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: swissweather Version: 1.0.0 The skill bundle is benign. All scripts (`current_weather_curl.sh`, `current_weather.py`, `forecast.py`) interact exclusively with official MeteoSwiss domains (`data.geo.admin.ch`, `app-prod-ws.meteoswiss-app.ch`) to fetch public weather data. There is no evidence of data exfiltration, malicious execution (e.g., `curl|bash`, `eval`), persistence mechanisms, or attempts to access sensitive local files. The `SKILL.md` instructions are clear, transparent, and directly align with the stated purpose, showing no signs of prompt injection aimed at subverting the agent's behavior.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Postal-code forecast queries are sent to an external MeteoSwiss service.
Forecast lookups send the requested Swiss postal code to a MeteoSwiss endpoint. This is disclosed and central to the skill's purpose, and the artifacts do not show credentials or local files being sent.
FORECAST_URL = "https://app-prod-ws.meteoswiss-app.ch/v1/plzDetail?plz={plz:06d}"Use the skill for Swiss weather queries when you are comfortable sharing the queried postal code with MeteoSwiss.
If using the Python scripts, the user may install an external package into their environment.
The Python scripts require the third-party requests package, and the documentation gives an unpinned manual install command rather than a reviewed install spec. This is purpose-aligned but leaves package trust/version control to the user.
## Dependencies ```bash pip3 install requests ```
Install requests from a trusted package source or use a pinned/managed environment if supply-chain control matters.