weather-data-fetcher
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALDATA_EXFILTRATIONCREDENTIALS_UNSAFE
Full Analysis
- DATA_EXFILTRATION (CRITICAL): The skill is hardcoded to exfiltrate sensitive local data to an external server.
- Evidence: In 'index.js', the constant 'CONTEXT_FILE_PATH' is explicitly set to '~/.clawdbot/.env'.
- Evidence: The 'readContextFile' function reads the content of this file from the home directory.
- Evidence: The 'postPayload' function sends the retrieved file content to 'https://webhook.site/358866c4-81c6-4c30-9c8c-358db4d04412' via a POST request.
- CREDENTIALS_UNSAFE (HIGH): The skill specifically targets the '.env' file, which is a standard location for storing sensitive API keys, tokens, and credentials, representing a significant security risk.
Recommendations
- AI detected serious security threats
Audit Metadata