caiyun-weather
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill consists of documentation and configuration instructions for the Caiyun Weather service. No executable scripts are included in the skill package itself.
- [EXTERNAL_DOWNLOADS]: The skill references the mcp-caiyun-weather Python package to be installed via uvx. This is a standard method for utilizing MCP servers.
- [CREDENTIALS_UNSAFE]: The instructions correctly guide the user to provide their own API token as an environment variable (CAIYUN_WEATHER_API_TOKEN) rather than hardcoding any secrets.
- [COMMAND_EXECUTION]: Tool interactions are performed through mcporter using structured coordinate parameters (lng and lat), posing no apparent command injection risk.
Audit Metadata