Is achimace/thermikbuddy safe?

https://github.com/openclaw/skills/tree/main/skills/achimace/thermikbuddy

96
SAFE

This is a legitimate weather forecasting skill for aviation enthusiasts that provides thermal predictions and soaring conditions. The skill contains Python scripts for weather data processing and makes requests to legitimate weather APIs. No malicious behavior, data exfiltration, or security violations were detected during installation and analysis.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (3)

LOW Executable Python scripts present -10

The skill contains Python scripts that perform weather data processing and API calls. While the code appears legitimate and appropriate for weather forecasting functionality, executable code always presents some risk.

LOW Complex formatting templates -5

The skill includes extensive formatting templates for weather reports. While legitimate, complex formatting instructions could theoretically be misused to manipulate agent output.

INFO External API dependencies -5

The skill makes HTTP requests to external weather services (dhv.de and open-meteo.com). These are legitimate weather APIs but create external dependencies.