WeatherPanel Note AI PC
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill’s weather-dashboard purpose is mostly coherent, but its code contradicts key safety claims by using shell execution and an Obsidian CLI append path that are not clearly bounded.
Review or fix the bundled scripts before installing. In particular, remove shell=True from the summarize step, validate the Obsidian vault and note path, disclose or remove obsidian-cli use, avoid proxy URLs containing credentials, and consider bundling the dashboard’s remote JavaScript/font assets locally.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the environment or config is manipulated, running the skill could execute an unintended local command rather than only summarizing weather.
The summarizer is run through a shell using environment/config-controlled values, contradicting the documented claim that the summary step is shell-free and fixed to the summarize command.
SUMMARIZE_BIN = os.environ.get("SUMMARIZE_BIN", "summarize") ... cmd_str = f'"{SUMMARIZE_BIN}" "{url}"' ... subprocess.run(..., shell=True)
Use subprocess.run with an argument list and shell=False, restrict SUMMARIZE_BIN to a known safe executable, and validate weather/config values before building a command.
A normal full run can mutate an Obsidian note through an external CLI, and misconfiguration could target an unexpected note or vault.
The code invokes obsidian-cli to append content, with no visible enforcement that NOTE_PATH is a validated .md path under a vault inside the user’s home directory.
OBSIDIAN_BIN = os.environ.get("OBSIDIAN_BIN", "obsidian-cli") ... cmd = [OBSIDIAN_BIN, "create", NOTE_PATH] ... cmd.extend(["--content", formatted, "--append"])
Either update the documentation to disclose obsidian-cli use, or replace it with direct, validated file writes that enforce vault location, .md extension, and path traversal protections.
Users may approve the skill believing it avoids shell execution and external Obsidian tooling when it does not.
These explicit safety claims are contradicted by the bundled source files, making the user-facing security description unreliable.
The summary step uses a shell-free subprocess call ... The Obsidian step does **not** invoke `obsidian-cli`; it writes only to a validated `.md` path
Correct the SKILL.md safety section to match the actual code, and avoid making safety claims unless they are enforced by implementation.
If a user’s proxy URL contains credentials, those credentials could appear in console or agent logs.
Proxy environment variables can contain usernames or passwords, and the script prints the full proxy configuration when present.
http_proxy = os.environ.get("HTTP_PROXY") ... https_proxy = os.environ.get("HTTPS_PROXY") ... print(f"[fetch] Using proxy: {proxies}")
Do not print full proxy URLs; redact usernames, passwords, tokens, and host details before logging.
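Hardened forms of the three code findings above (the shell=True summarizer call, the unvalidated NOTE_PATH, and the proxy URL printed to the log), as an added example that is not the skill's code or ClawScan's. The variable names SUMMARIZE_BIN and NOTE_PATH come from the report; the allowlist, function names and the vault/home parameters are assumptions, and the environment is passed in as a dict (os.environ in real use) so the checks can be exercised offline.

```python
import subprocess
from pathlib import Path
from urllib.parse import urlsplit, urlunsplit

# Assumed allowlist: only this bare name may be run as the summarizer (resolved via PATH).
ALLOWED_SUMMARIZERS = frozenset({"summarize"})


def safe_summarize_cmd(url, env):
    """Build an argv list for subprocess.run(shell=False), or None if rejected.
    SUMMARIZE_BIN must be an allowlisted bare name (no path components) and the
    URL must be http(s); each value is one argv element, so quotes or shell
    metacharacters in a config value are passed literally, never interpreted."""
    bin_name = env.get("SUMMARIZE_BIN", "summarize")
    if Path(bin_name).name != bin_name or bin_name not in ALLOWED_SUMMARIZERS:
        return None
    if urlsplit(url).scheme not in ("http", "https"):
        return None
    return [bin_name, url]


def run_summary(url, env):
    """Shell-free replacement for the flagged f-string + shell=True call."""
    cmd = safe_summarize_cmd(url, env)
    if cmd is None:
        raise ValueError("refusing to run summarizer with untrusted config")
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


def safe_note_path(note_path, vault, home):
    """Return the resolved note path if it is a .md file inside the vault and the
    vault is inside the home directory; otherwise None. resolve() collapses '..'
    and follows symlinks, so traversal and symlink escapes are caught, and an
    absolute NOTE_PATH outside the vault is rejected as well."""
    home_p, vault_p = Path(home).resolve(), Path(vault).resolve()
    if not vault_p.is_relative_to(home_p):  # Python 3.9+
        return None
    target = (vault_p / note_path).resolve()
    if target.suffix != ".md" or not target.is_relative_to(vault_p):
        return None
    return target


def redact_proxy(url):
    """Drop user:password from a proxy URL before logging; keep scheme and host."""
    p = urlsplit(url)
    if p.username is None and p.password is None:
        return url
    host = p.hostname or ""
    if p.port:
        host = f"{host}:{p.port}"
    return urlunsplit((p.scheme, f"***@{host}", p.path, p.query, p.fragment))
```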
Opening the dashboard may contact third-party services and depends on remote assets remaining trustworthy and available.
The local dashboard loads third-party CDN and Google Fonts assets when opened, which is a purpose-aligned dashboard dependency but is not declared in the metadata.
<script src="https://cdnjs.cloudflare.com/ajax/libs/Chart.js/4.4.1/chart.umd.min.js"></script> ... @import url('https://fonts.googleapis.com/...
Disclose these remote dashboard dependencies or bundle/pin local copies of the required assets.
