openweather-api

SUSPICIOUS: The skill’s stated purpose is weather API access, but all auth and request traffic is routed through Membrane rather than directly to OpenWeather. The install source is legitimate and same-vendor via npm, so this is not strong evidence of malware; however, the third-party credential handling and proxy-based data flow make the footprint broader than a simple OpenWeather skill and create medium security risk.