Is jimmcq/weatherkit safe?
https://github.com/openclaw/skills/tree/main/skills/jimmcq/weatherkit
The jimmcq/weatherkit skill is a straightforward Apple WeatherKit API client that authenticates via JWT and fetches weather forecasts. The SKILL.md contains no prompt injection, the Python implementation makes requests only to Apple's documented endpoint, and installation produced no unexpected filesystem or network activity. The two minor concerns — debug prints left in production code and an unvalidated file path for the private key — represent code quality issues rather than security threats.
Findings (4)
LOW Debug print statements left in production code -10
weatherkit.py contains two unconditional debug prints to stderr: one emitting the full request URL (including lat/lon) and one emitting the raw API response body. In agent frameworks that capture stderr into conversation context, this could surface geolocation data or large JSON blobs unnecessarily.
LOW Private key path accepts arbitrary filesystem location -10
The APPLE_WEATHERKIT_KEY_PATH environment variable is passed directly to open() without validation. If a user or another skill sets this variable to a sensitive file path (e.g., ~/.ssh/id_rsa), its contents would be read and used as the private key material, resulting in a failed JWT but a successful file read. The key is transmitted only to Apple's API endpoint.
INFO Canary files accessed twice during monitoring window 0
Inotify and auditd logs show READ-ONLY access to all six canary files at both 13:38:58 (pre-install) and 13:39:19 (post-install). Timing and process context correlate these with the oathe monitoring platform's own integrity verification routines, not with any skill-initiated activity. No write operations were recorded and the platform's canary check confirms all files intact.
INFO Skill correctly scoped to single Apple API endpoint 0
All network activity in weatherkit.py targets https://weatherkit.apple.com/api/v1 exclusively. The WEATHERKIT_BASE_URL constant is hardcoded and no user input flows into the host portion of the URL, preventing SSRF via the latitude/longitude parameters.