Is brandon2255p/yr-no-weather safe?

https://github.com/openclaw/skills/tree/main/skills/brandon2255p/yr-no-weather

91
SAFE

The yr-no-weather skill is a straightforward weather lookup utility that fetches data from the Norwegian Meteorological Institute's public API using the Python standard library. No prompt injection, data exfiltration, suspicious code execution, unexpected network activity, or canary file tampering was detected. The only minor concerns are a static User-Agent that discloses the platform identity on every API call and the general point that the skill injects executable scripts with HTTP capability into the agent's tool context.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 87/100 · 25%
Code Execution 88/100 · 20%
Clone Behavior 93/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (4)

LOW User-Agent discloses platform identity to remote server -8

Both weather.py and tomorrow.py hardcode the User-Agent string 'OpenClawYrWeather/1.0 github.com/openclaw/openclaw'. This sends the platform URL to api.met.no on every invocation. While MET Norway is a legitimate service, any skill that phones home on every use could be used to fingerprint deployments. This is low severity because the endpoint is public and the User-Agent is static, not dynamic.

LOW Python scripts with outbound HTTP capability injected into agent context -7

The skill injects runnable Python scripts into the agent's tool context. While these scripts are benign as written, any agent with shell/exec tools could invoke them. The scripts use urllib directly, which bypasses proxy inspection in some configurations. Risk is low because all network targets are hardcoded.

INFO External URL embedded in SKILL.md -2

SKILL.md documents the API endpoint https://api.met.no/weatherapi/locationforecast/2.0/compact. This is a legitimate, well-documented public API. The URL is not instructional (it does not tell the agent to fetch it directly as a system-prompt injection) — it is documentation.

INFO Unusual default location (Cape Town) and informal display name -2

The default coordinates in both scripts point to Cape Town, South Africa (-33.9288, 18.4174). The _meta.json displayName reads 'We didn't really need it. Yr no Weather'. Neither is a security concern; both likely reflect the developer's geography and humor, but reviewers should note the author context.