weather-skill-yub
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user copying the example could be confused about which skill/package to install.
The install example appears placeholder-like and does not match the evaluated registry slug, so users should verify they are installing the intended package; the artifacts do not show automatic remote installation.
clawhub install your-name/weather-query
Verify the registry entry before installing and update the documentation to use the exact published skill name.
The queried city may be visible to wttr.in and potentially to network intermediaries.
Online mode sends the user-provided city to the external wttr.in service over plain HTTP; this is disclosed and purpose-aligned, but it is still an external data/transport dependency.
url = f'http://wttr.in/{encoded_city}?format=j1'Use this only for non-sensitive location queries, prefer HTTPS if the service supports it, or use the documented --offline mode when no network disclosure is desired.