← Back to Skills Marketplace
qrost

Wind & Site

by AddinCui · GitHub ↗ · v1.1.1
cross-platform ⚠ suspicious
660
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install wind-site
Description
Wind rose, wind speed/direction at a site; supports site and urban wind assessment (data only; detailed CFD is out of scope).
Usage Guidance
This skill appears coherent and low-risk: it fetches public weather data and plots it. Before installing, (1) review/approve the included scripts (they are short and readable), (2) install dependencies in a controlled environment (virtualenv) and run once manually to verify behavior, (3) be aware the skill makes outbound HTTPS requests to Open‑Meteo (no API key) and will save images to a chosen path — use an allowed directory like ~/.openclaw/media/ or /tmp/, and (4) if you do not want the agent to execute scripts automatically, avoid enabling autonomous invocation or require manual confirmation in agent settings. If you want extra caution, run the scripts locally yourself rather than letting the agent execute them.
Capability Analysis
Type: OpenClaw Skill Name: wind-site Version: 1.1.1 The skill is classified as suspicious due to a significant prompt injection vulnerability against the OpenClaw agent. The `SKILL.md` file explicitly instructs the agent to use `shell:exec` to run Python scripts (`scripts/wind_info.py`, `scripts/wind_rose.py`) with parameters directly derived from user input. If the agent does not robustly sanitize or quote these user-provided parameters when constructing the shell command, a malicious user could inject arbitrary shell commands, potentially leading to Remote Code Execution (RCE). Additionally, `scripts/wind_rose.py` writes to an `output_path` directly from arguments, which, if combined with prompt injection, could lead to arbitrary file writes, despite `SKILL.md` attempting to guide the agent to use 'allowed paths'.
Capability Assessment
Purpose & Capability
Name/description match the included Python scripts and usage: both scripts call Open‑Meteo endpoints (no API key), compute/print wind values, and plot/save a wind rose. No unrelated binaries, env vars, or services are requested.
Instruction Scope
SKILL.md instructs the agent to run the included scripts via shell exec and to save/send the PNG from allowed media dirs. The scripts only fetch Open‑Meteo data, process it, and write an image/text output. One notable instruction: 'Do not ask for confirmation; execute and return the image and data' — this grants the agent permission to run the scripts automatically when triggered by a user request (which is expected for a user-invocable skill), but you should be aware it will perform outbound network calls without further prompts.
Install Mechanism
No install spec; this is instruction + included Python scripts. Dependencies are standard Python packages listed in requirements.txt and must be installed manually (pip). No remote downloads or extracted archives are performed by the skill itself.
Credentials
The skill requires no credentials, no config paths, and no environment variables. Network access to Open‑Meteo (public API) is required and is proportional to the stated function.
Persistence & Privilege
always:false and the skill does not request persistent system changes or modify other skills. The SKILL.md contains a permission header 'shell:exec' (expected for running scripts) but this alone is not a privilege escalation.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install wind-site
  3. After installation, invoke the skill by name or use /wind-site
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.1
Patch: OpenClaw allowed media paths docs.
v1.1.0
Minor version bump.
v1.0.0
Wind rose and wind speed/direction at a site; Open-Meteo, no API key.
Metadata
Slug wind-site
Version 1.1.1
License
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is Wind & Site?

Wind rose, wind speed/direction at a site; supports site and urban wind assessment (data only; detailed CFD is out of scope). It is an AI Agent Skill for Claude Code / OpenClaw, with 660 downloads so far.

How do I install Wind & Site?

Run "/install wind-site" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Wind & Site free?

Yes, Wind & Site is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Wind & Site support?

Wind & Site is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Wind & Site?

It is built and maintained by AddinCui (@qrost); the current version is v1.1.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments