WeatherPanel Note AI PC
Security checks across malware telemetry and agentic risk
Overview
The skill mostly does weather/dashboard work, but its safety claims are contradicted by code that uses shell execution and obsidian-cli with configurable commands and paths.
Review this skill carefully before installing. If you use it, inspect or remove configurable command overrides, ensure obsidian-cli writes only to the note you expect, and avoid running it with proxy credentials or untrusted configuration values in the environment.
VirusTotal
63/63 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A misconfigured or poisoned environment/config value could change what command is executed when the user runs the normal weather workflow.
The summary step builds a shell command string from environment-controlled values and runs it with shell=True, contradicting the documented claim that the summarize subprocess is shell-free and fixed.
Evidence: SUMMARIZE_BIN = os.environ.get("SUMMARIZE_BIN", "summarize") ... cmd_str = f'"{SUMMARIZE_BIN}" "{url}"' ... subprocess.run(... shell=True,)
Recommendation: Use subprocess.run with an argument list and shell=False, URL-encode configurable URL fields, restrict SUMMARIZE_BIN to a safe executable name/path, and update the documentation to match the real behavior.
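The shell-string construction from the finding beside a hardened argv-based form, as an added example that is not the skill's own code; the function names, the bare-name rule for SUMMARIZE_BIN and the sample URLs are assumptions made here.

```python
import os
import re
import subprocess
from urllib.parse import quote, urlsplit, urlunsplit


def vulnerable_summarize_cmd(url: str, summarize_bin: str) -> str:
    """Pattern from the finding: a shell string from an env-controlled binary name
    and a configurable URL. Passed to subprocess.run(..., shell=True), every shell
    metacharacter in either value is interpreted by the shell."""
    return f'"{summarize_bin}" "{url}"'


# Hardened form. The bare-name rule for SUMMARIZE_BIN is an assumption of this
# example; a fixed allowlist of absolute paths would be an equivalent control.
_BIN_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,63}")

def is_safe_bin_name(value: str) -> bool:
    """Accept only a bare executable name: no separators, spaces or shell metacharacters."""
    return _BIN_NAME.fullmatch(value) is not None

def resolve_summarize_bin(env: dict) -> str:
    """Read SUMMARIZE_BIN with the documented default and reject anything but a bare name."""
    value = env.get("SUMMARIZE_BIN", "summarize")
    if not is_safe_bin_name(value):
        raise ValueError(f"SUMMARIZE_BIN rejected: {value!r}")
    return value

def normalize_url(url: str) -> str:
    """Require http(s) with a host; percent-encode path and query; drop the fragment."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError(f"unsupported URL: {url!r}")
    path = quote(parts.path, safe="/%")
    query = quote(parts.query, safe="=&+/%")
    return urlunsplit((parts.scheme, parts.netloc, path, query, ""))

def build_summarize_argv(url: str, env: dict) -> list:
    """Argument list for subprocess.run(shell=False): no string is ever parsed by a shell."""
    return [resolve_summarize_bin(env), normalize_url(url)]

def run_summarize(url: str, env=None, timeout: float = 60) -> str:
    """Run the summarizer with an argv list; the URL stays one opaque argument."""
    argv = build_summarize_argv(url, dict(os.environ if env is None else env))
    done = subprocess.run(argv, capture_output=True, text=True, timeout=timeout, check=True)
    return done.stdout
```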
The skill may append to an unexpected vault or note if environment/config values are wrong, and users would not know from the safety text that obsidian-cli is being used.
The flush step invokes an external Obsidian CLI and appends content to a configurable note path, while SKILL.md says it does not invoke obsidian-cli and writes only to a validated .md path under a configured vault.
Evidence: OBSIDIAN_BIN = os.environ.get("OBSIDIAN_BIN", "obsidian-cli") ... NOTE_PATH = os.environ.get("OBSIDIAN_NOTE_PATH", "Inbox/WeatherPanel Note AI PC.md") ... cmd = [OBSIDIAN_BIN, "create", NOTE_PATH] ... cmd.extend(["--content", formatted, "--append"])
Recommendation: Either implement the documented direct validated file write, or clearly declare obsidian-cli as a dependency and validate the vault and note path before appending.
A user may approve the skill based on safety promises that are not true in the provided implementation.
These safety assurances are directly contradicted by the bundled summarize and flush scripts, which use shell=True and obsidian-cli respectively.
Evidence (quoted from SKILL.md): The summary step uses a shell-free subprocess call to the fixed command name `summarize` found on PATH. ... The Obsidian step does **not** invoke `obsidian-cli`; it writes only to a validated `.md` path under a configured vault directory inside the user's home directory.
Recommendation: Correct the SKILL.md safety section so it accurately describes command execution, dependencies, configuration keys, and Obsidian write behavior.
Opening the dashboard may contact third-party services and depends on those remote resources remaining trustworthy and available.
The local dashboard loads JavaScript and fonts from external CDNs, which is common for dashboards but is not disclosed in SKILL.md's local-dashboard description.
Evidence: <script src="https://cdnjs.cloudflare.com/ajax/libs/Chart.js/4.4.1/chart.umd.min.js"></script> ... @import url('https://fonts.googleapis.com/css2?family=JetBrains+Mono...
Recommendation: Disclose the remote dashboard dependencies, or vendor/pin them locally with integrity controls.
Proxy credentials, if embedded in the proxy URL, could appear in the agent transcript or local logs.
The script may echo proxy environment values to logs; proxy URLs sometimes contain usernames or passwords.
Evidence: http_proxy = os.environ.get("HTTP_PROXY") or os.environ.get("http_proxy") ... if proxies: print(f"[fetch] Using proxy: {proxies}")
Recommendation: Mask proxy usernames/passwords before printing, or avoid printing proxy URLs entirely.
