Is weather safe?
https://clawhub.ai/steipete/weather
This is a straightforward, benign weather lookup skill that instructs the agent to use curl against two well-known public weather APIs (wttr.in and Open-Meteo). No prompt injection, data exfiltration, or malicious code execution patterns were detected. The only notable risk is the inherent capability of curl as a network tool, which is a theoretical concern common to any network-capable skill.
Findings (4)
LOW Curl usage enables potential exfiltration vector -12
The skill teaches the agent to use curl against external endpoints. While the specified endpoints (wttr.in, api.open-meteo.com) are legitimate public weather APIs, curl is a general-purpose HTTP client. If the agent is susceptible to prompt injection from another source, the curl capability could theoretically be repurposed to send data to attacker-controlled servers via URL parameters or POST bodies.
LOW Bash code snippets intended for agent execution -8
The skill contains bash curl commands that the agent is expected to execute. These are simple, single-purpose commands with no dangerous patterns (no eval, no pipe to sh, no variable expansion from untrusted sources). The PNG download writes to /tmp, which is appropriate.
INFO Agent runtime reads sensitive paths during bootstrap -15
The filesystem monitoring captured the openclaw agent runtime reading .env, .aws/credentials, .profile, .bashrc, and openclaw.json during its standard startup sequence. These reads are from the agent runtime itself, not from the skill. The .aws/credentials file was opened and read but this is part of the agent's own credential loading, unrelated to the skill under test.
INFO External URL references to public APIs -5
The skill references wttr.in and api.open-meteo.com as external services. Both are well-known, legitimate, free weather APIs. The homepage field also references wttr.in/:help, which is the official help page for the service.