Is alex1389/weather-location safe?

https://github.com/openclaw/skills/tree/main/skills/alex1389/weather-location

82
SAFE

This skill is a legitimate weather and webcam utility that fetches weather data from wttr.in and captures webcam images from Meteoblue/Windy. It contains no executable code, no malicious patterns, and passed all clone-time monitoring checks cleanly. The primary concerns are the agent output suppression via NO_REPLY and the dynamic URL execution via curl, which creates a mild SSRF-like risk if webcam pages are compromised.

Category Scores

Prompt Injection 75/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 70/100 · 5%

Findings (7)

MEDIUM Agent output suppression via NO_REPLY -10

The skill instructs the agent to 'Respond with NO_REPLY in the main session after using the message tool.' This overrides the agent's normal response behavior, suppressing output to the user. While functionally motivated to avoid duplicate responses, this pattern could mask errors or unexpected behavior.

MEDIUM Shell command execution via agent instructions -10

The skill instructs the agent to execute shell commands using exec(), specifically curl to download content from URLs discovered during web browsing. The URL is dynamically determined from web search results and browser snapshots, meaning the agent will execute curl with attacker-influenceable input if the webcam pages are compromised.

LOW Multiple external domain references -5

The skill directs the agent to interact with multiple external services: wttr.in for weather data, Meteoblue and Windy for webcam searches, and imgproxy.windy.com for image URLs. While these are legitimate services, they expand the agent's attack surface.

LOW User location sent to external services -10

The skill sends user-provided location data to wttr.in via curl and uses it in web searches for Meteoblue/Windy. This is inherent to the skill's purpose but exposes user location to third-party services without explicit consent disclosure.

MEDIUM Dynamic URL download via curl exec -15

The skill instructs the agent to download content from URLs found by browsing webcam pages. The URL is not hardcoded but discovered at runtime from third-party websites. A man-in-the-middle or compromised webcam page could inject a URL pointing to non-image content, which would be written to /tmp/webcam.jpg.

LOW Fixed temp file path could enable cross-skill attacks -10

The skill always writes to /tmp/webcam.jpg, a predictable path. If another installed skill reads from /tmp or processes image files, this creates a potential cross-skill attack vector where a malicious image or non-image file written to this path could be consumed by another skill.

INFO Clean installation with no anomalous activity -5

The skill installed cleanly via sparse git checkout with no unexpected filesystem, network, or process activity. All observed monitoring events are attributable to the audit framework infrastructure (auditctl setup, canary hashing, GDM session management).