扫描报告
5 /100
weather-pulse
Weather + air quality query tool using QWeather and WAQI APIs
Legitimate weather and air quality query tool with no malicious behavior, credential exfiltration, or hidden functionality.
可以安装
This skill is safe to use. API credentials are properly handled through environment variables and only transmitted to declared weather API endpoints.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 网络访问 | READ | READ | ✓ 一致 | urllib.request to api.waqi.info and QWeather API |
| 环境变量 | READ | READ | ✓ 一致 | os.environ.get for QWEATHER_API_HOST, QWEATHER_API_KEY, WAQI_API_TOKEN |
| 文件系统 | NONE | NONE | — | No file read/write operations |
| 命令执行 | NONE | NONE | — | No subprocess or shell commands |
9 项发现
中危 外部 URL 外部 URL
https://dev.qweather.com/docs SKILL.md:26 中危 外部 URL 外部 URL
https://aqicn.org/data-platform/token/. SKILL.md:35 中危 外部 URL 外部 URL
https://console.qweather.com SKILL.md:44 中危 外部 URL 外部 URL
https://aqicn.org/api/ SKILL.md:45 中危 外部 URL 外部 URL
https://dev.qweather.com/docs/start/ SKILL.md:67 中危 外部 URL 外部 URL
https://dev.qweather.com/docs/finance/pricing/ SKILL.md:67 中危 外部 URL 外部 URL
https://aqicn.org/data-platform/token/#/ SKILL.md:73 中危 外部 URL 外部 URL
https://aqicn.org/city/ SKILL.md:81 中危 外部 URL 外部 URL
https://api.waqi.info/feed/ scripts/weather.py:223 目录结构
3 文件 · 27.1 KB · 788 行 Python 1f · 467L
Markdown 1f · 316L
JSON 1f · 5L
├─
▾
scripts
│ └─
weather.py
Python
├─
_meta.json
JSON
└─
SKILL.md
Markdown
安全亮点
✓ No shell execution (subprocess, os.system) - only urllib for HTTP requests
✓ API credentials handled securely via environment variables as documented
✓ Network requests limited to legitimate weather APIs (api.waqi.info, QWeather)
✓ No credential exfiltration - keys only sent to declared endpoints
✓ No obfuscation techniques (base64, eval, atob) detected
✓ Clean, readable code with no hidden functionality
✓ Comprehensive documentation matches implementation
✓ Proper error handling and retry logic
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env files)