Security audit

Euskalmet

Security checks across malware telemetry and agentic risk

Overview

This is a mostly coherent Euskalmet weather skill, but one documented setup script can expose part of the user's API private key in terminal or log output.

Review or remove scripts/test_env.py's private-key prefix print before installing. Use a dedicated, revocable Euskalmet credential, keep the .env file private, and expect the skill to contact Euskalmet/Euskadi endpoints and write forecast/icon files inside the skill directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
This script loads a sensitive private API key from the environment and prints part of it to stdout, which can leak secrets into terminal history, CI logs, or shared debugging output. For a weather-forecast skill, exposing credential material is not necessary for normal functionality, so this behavior is unjustified and increases the risk of credential disclosure.

Natural-Language Policy Violations

Low
Confidence: 96%
Finding
The JSON embeds an absolute local filesystem path (`/Users/kamaraka/.openclaw/skills/euskalmet/images-modern/...`) that reveals a developer username and host-specific directory structure. This is not remote code execution, but it is a real information disclosure and portability issue that can leak environment details and break deployments on other systems.

Missing User Warnings

Medium
Confidence: 94%
Finding
Accessing a sensitive environment variable is not inherently unsafe, but partially printing it without clear safeguards creates an avoidable secret exposure path. Even truncated secrets can aid identification, correlation, or partial disclosure when combined with other logs or leaked material.

VirusTotal

67/67 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.