ClawHub

last30days

v1.0.4

Research the last 30 days across Reddit, X/Twitter, YouTube, TikTok, Instagram, Hacker News, Polymarket, GitHub, and web search. Use when: you need recent so...

0· 61·0 current·0 all-time
by@bibaofeng
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (recent multi-source research) matches the code and declared requirements: AISA_API_KEY for hosted planning/search, python3 and bash to run the included scripts. The repository includes providers for Reddit, X, YouTube, TikTok, Instagram, Hacker News, Polymarket, GitHub, and web grounding as advertised.
Instruction Scope
Runtime instructions and scripts perform network calls to AISA and various provider APIs, synthesize/rerank results, and persist outputs. The skill writes data (SQLite DB and JSON briefs) to disk (defaults: a .last30days-data directory relative to the run directory and ~/.local/share/last30days/briefs for briefings). SKILL.md does not instruct reading unrelated secrets, but code will read optional env vars like GH_TOKEN/GITHUB_TOKEN when present. This read/emit behavior is expected for a research aggregator but is worth knowing.
Install Mechanism
No install spec; this is an instruction/script bundle with no remote downloads. All code ships in the bundle, so nothing is fetched from arbitrary URLs during install. Risk from install-phase is low.
Credentials
The skill requires a single primary credential (AISA_API_KEY) which is justified by use of AISA-hosted planning/search. GH_TOKEN/GITHUB_TOKEN are optional and used only for GitHub API access. No unrelated cloud or secret credentials (AWS, etc.) are required by default.
Persistence & Privilege
The skill persists research to local storage (SQLite DB and saved briefs) and creates directories under the run directory and in the user's home (~/.local/share). It does not request 'always: true' or modify other skills' configs. If you run it, expect local files and a DB; you can control locations with LAST30DAYS_DATA_DIR / LAST30DAYS_CONFIG_DIR environment variables.
Assessment
This skill appears to do what it says: it sends queries and content to the AISA-hosted services (so prompts and retrieved content travel to that provider) and it will save findings locally (a SQLite DB and brief JSON files). Before installing: (1) decide whether you are comfortable sending queries/data to the AISA service and consider using a scoped/limited API key; (2) if you prefer to control local storage, set LAST30DAYS_DATA_DIR and LAST30DAYS_CONFIG_DIR to a directory you manage or run the skill in an isolated container; (3) only provide GH_TOKEN/GITHUB_TOKEN if you want GitHub results; (4) review the scripts (they are included in the bundle) if you need to confirm what is stored or transmitted; (5) monitor network activity the first time you run it if you want extra assurance. Overall the skill is internally consistent with its stated purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk972yy7xm9pnzs5c1cjh27rach84vxec

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📰 Clawdis
Binspython3, bash
EnvAISA_API_KEY
Primary envAISA_API_KEY

Comments