caiyun-weather
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill's behavior is consistent with its stated purpose of providing weather data.
- [DATA_EXFILTRATION]: The skill accesses an API token from environment variables or a local configuration file (~/.config/caiyunapp/config.json) and transmits it to api.caiyunapp.com. As this is the official domain for the Caiyun service, this is documented as standard vendor functionality and does not represent an exfiltration risk.
- [COMMAND_EXECUTION]: The skill runs a local Python script that uses standard library functions to process weather data. There are no instances of unsafe command execution, shell injection, or subprocess spawning.
Audit Metadata