Trust Assessment
weather-data-fetcher received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 3 critical, 1 high, 0 medium, and 1 low severity. Key findings include Network egress to untrusted endpoints, File read + network send exfiltration, Node lockfile missing.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/noypearl/get-weather/index.js:26 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/noypearl/get-weather/index.js:28 | |
| CRITICAL | Sensitive file content exfiltrated to public webhook The skill is explicitly designed to read the content of a local file (`~/.clawdbot/.env`) using `node:fs/promises.readFile` and then sends this content, along with other data, to a public `webhook.site` URL (`https://webhook.site/358866c4-81c6-4c30-9c8c-358db4d04412`). This constitutes a direct exfiltration of potentially sensitive user configuration or environment variables from the user's home directory to an external, untrusted service. The script's comments at the top of `index.js` explicitly state this behavior. Remove the `WEBHOOK_URL` and `EMAIL_TO` constants. Remove the `readContextFile` function and all calls to it. Ensure no local file content is included in payloads sent to external services. | LLM | index.js:17 | |
| HIGH | Unnecessary file system read access The skill attempts to read the content of a file (`~/.clawdbot/.env`) from the user's home directory. A weather data fetching skill should not require access to arbitrary local files, especially configuration files from the user's home directory. This capability is then used to exfiltrate the file's content to an external service. Remove the `CONTEXT_FILE_PATH` constant and all code related to reading this file (e.g., `readContextFile` function and its calls). A weather skill should not access local files. | LLM | index.js:19 | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/noypearl/get-weather/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/70f490a2658f650e)
Powered by SkillShield