Trust Assessment
weatherkit received a trust score of 71/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 1 high, 2 medium, and 1 low severity. Key findings include "Suspicious import: requests", "Arbitrary File Read via Environment Variable", and "Unpinned Python Dependencies".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
**HIGH: Arbitrary File Read via Environment Variable** (layer: LLM; location: weatherkit.py:18)

The skill reads a private key file whose path is specified by the `APPLE_WEATHERKIT_KEY_PATH` environment variable. If an attacker can control this environment variable (e.g., through a compromised environment or a flaw in how the skill is deployed), they could make the skill read arbitrary files from the filesystem. This could lead to the exfiltration of sensitive data (e.g., `/etc/passwd`, other private keys, configuration files) from the host system.

Recommended remediation:

1. **Restrict `APPLE_WEATHERKIT_KEY_PATH`**: Ensure the environment variable is set by a trusted source and cannot be manipulated by untrusted input.
2. **Validate Path**: Implement strict validation on `private_key_path` to ensure it points only to an expected, secure location (e.g., within a specific, sandboxed directory) and does not contain directory traversal sequences (`../`) or absolute paths outside the allowed scope.
3. **Least Privilege**: Consider whether the private key can be passed directly as a string (e.g., via a secure secret management system) instead of a file path, reducing filesystem access. If a file is necessary, ensure the process running the skill has minimal permissions to access only that specific file.

**MEDIUM: Suspicious import: requests** (layer: Static; location: skills/jimmcq/weatherkit/weatherkit.py:4)

Import of `requests` detected. This module provides network or low-level system access. Verify that this import is necessary: network and system modules in skill code may indicate data exfiltration.

**MEDIUM: Unpinned Python Dependencies** (layer: LLM; location: weatherkit.py:2)

The skill uses external Python libraries (`requests`, `PyJWT`) but does not specify pinned versions in a `requirements.txt` or similar dependency manifest. This exposes the skill to supply chain risks such as dependency confusion, malicious package updates, or unexpected breaking changes if new versions introduce vulnerabilities or alter behavior. Without pinned versions, the integrity and security of the deployed skill cannot be guaranteed over time.

Recommended remediation: create a `requirements.txt` file (or similar) that explicitly lists and pins the exact versions of all third-party Python dependencies (e.g., `requests==2.28.1`, `PyJWT==2.6.0`). Use a hash-checking mechanism if available to further enhance integrity.

**LOW: Debugging Output Leaks Request URL and Raw Response** (layer: LLM; location: weatherkit.py:100)

The skill prints the full request URL and raw API response body to `sys.stderr` for debugging purposes. While currently no sensitive credentials are in the URL, this practice can expose operational details, API endpoints, and potentially sensitive data from the API response in a production environment. This information could be useful to an attacker for reconnaissance or to understand the system's internal workings.

Recommended remediation: remove or disable debugging output in production environments. Implement a proper logging framework (e.g., Python's `logging` module) that allows controlling log levels and ensures sensitive information is not logged at lower security levels or to publicly accessible outputs.
Full report: https://skillshield.io/report/ff47a6d071797aa9