Security audit

weather-cn-pro

Security checks across malware telemetry and agentic risk

Overview

This weather skill mostly does what it says, but it should be reviewed for two reasons: the shell script evaluates parsed remote weather text as shell code, and it contains an under-disclosed third-party AQI helper.

Review before installing. The core weather lookup is purpose-aligned and does not handle credentials, but users should be comfortable with a bash script making network requests, and maintainers should remove the eval pattern and either document or delete the unused third-party AQI endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill declares no explicit permissions while clearly advertising shell execution via a local script (`./weather-cn-pro.sh`) and required binaries (`curl`, `grep`). This creates a transparency and governance problem: users and review systems may underestimate what the skill can execute, increasing the risk of unsafe command use or unexpected system interaction.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The implemented behavior accesses an undeclared third-party endpoint (`https://api.aooi.com/weather/index`) and retrieves AQI data not described in the user-facing purpose. Undocumented outbound requests expand the trust boundary, can leak user queries to an unexpected service, and may enable data collection or behavior inconsistent with user consent and platform review.

VirusTotal

66/66 vendors reported this skill as clean.