Scan Report
5 /100
weather-pulse
Weather + Air Quality query tool using QWeather and WAQI APIs
Clean weather and air quality query tool with no security issues. Only accesses declared API endpoints and reads API keys from environment variables.
Safe to install
This skill is safe to use. No action required.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file I/O operations in code |
| Network | READ | READ | ✓ Aligned | Only accesses api.waqi.info and {QW_HOST} (QWeather API) |
| Shell | NONE | NONE | — | No subprocess/os.system/eval calls |
| Environment | READ | READ | ✓ Aligned | Lines 51-54: os.environ.get for API keys |
| Skill Invoke | NONE | NONE | — | No skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No database access |
9 findings
Medium External URL 外部 URL
https://dev.qweather.com/docs SKILL.md:4 Medium External URL 外部 URL
https://aqicn.org/data-platform/token/. SKILL.md:13 Medium External URL 外部 URL
https://console.qweather.com SKILL.md:22 Medium External URL 外部 URL
https://aqicn.org/api/ SKILL.md:23 Medium External URL 外部 URL
https://dev.qweather.com/docs/start/ SKILL.md:45 Medium External URL 外部 URL
https://dev.qweather.com/docs/finance/pricing/ SKILL.md:45 Medium External URL 外部 URL
https://aqicn.org/data-platform/token/#/ SKILL.md:51 Medium External URL 外部 URL
https://aqicn.org/city/ SKILL.md:59 Medium External URL 外部 URL
https://api.waqi.info/feed/ scripts/weather.py:159 File Tree
3 files · 23.3 KB · 687 lines Python 1f · 400L
Markdown 1f · 282L
JSON 1f · 5L
├─
▾
scripts
│ └─
weather.py
Python
├─
_meta.json
JSON
└─
SKILL.md
Markdown
Security Positives
✓ Uses only Python standard library (urllib) - no external dependencies
✓ API credentials read exclusively from environment variables
✓ All network requests target only documented API endpoints
✓ No shell execution, subprocess, or system calls
✓ No file I/O operations beyond standard output
✓ No credential exfiltration or data theft patterns
✓ Comprehensive documentation in SKILL.md matches implementation
✓ No base64, eval, or obfuscation patterns detected
✓ Clean code with no hidden functionality