Scan Report
5/100
weather-pulse
Weather + air quality query tool using QWeather and WAQI APIs
Legitimate weather and air quality query tool with no malicious behavior, credential exfiltration, or hidden functionality.
Safe to install
This skill is safe to use. API credentials are properly handled through environment variables and only transmitted to declared weather API endpoints.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | urllib.request to api.waqi.info and QWeather API |
| Environment | READ | READ | ✓ Aligned | os.environ.get for QWEATHER_API_HOST, QWEATHER_API_KEY, WAQI_API_TOKEN |
| Filesystem | NONE | NONE | — | No file read/write operations |
| Shell | NONE | NONE | — | No subprocess or shell commands |
9 findings
| Severity | Type | URL | Location |
|---|---|---|---|
| Medium | External URL | https://dev.qweather.com/docs | SKILL.md:26 |
| Medium | External URL | https://aqicn.org/data-platform/token/. | SKILL.md:35 |
| Medium | External URL | https://console.qweather.com | SKILL.md:44 |
| Medium | External URL | https://aqicn.org/api/ | SKILL.md:45 |
| Medium | External URL | https://dev.qweather.com/docs/start/ | SKILL.md:67 |
| Medium | External URL | https://dev.qweather.com/docs/finance/pricing/ | SKILL.md:67 |
| Medium | External URL | https://aqicn.org/data-platform/token/#/ | SKILL.md:73 |
| Medium | External URL | https://aqicn.org/city/ | SKILL.md:81 |
| Medium | External URL | https://api.waqi.info/feed/ | scripts/weather.py:223 |
File Tree
3 files · 27.1 KB · 788 lines
Python 1f · 467L
Markdown 1f · 316L
JSON 1f · 5L
├─ scripts
│  └─ weather.py (Python)
├─ _meta.json (JSON)
└─ SKILL.md (Markdown)
Security Positives
✓ No shell execution (subprocess, os.system) - only urllib for HTTP requests
✓ API credentials handled securely via environment variables as documented
✓ Network requests limited to legitimate weather APIs (api.waqi.info, QWeather)
✓ No credential exfiltration - keys only sent to declared endpoints
✓ No obfuscation techniques (base64, eval, atob) detected
✓ Clean, readable code with no hidden functionality
✓ Comprehensive documentation matches implementation
✓ Proper error handling and retry logic
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env files)