Last30days Zh

Advisory

Audited by Static analysis on May 8, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing and using the skill lets the agent run the bundled research scripts on your machine.

Why it was flagged

The skill is operated by running bundled Bash/Python scripts. This is central to the research CLI workflow and is disclosed, but users should understand they are executing local code.

Skill content
bash scripts/run-last30days.sh "$ARGUMENTS" --emit=compact
python3 scripts/last30days.py "$ARGUMENTS" --api-key="$AISA_API_KEY"

Recommendation

Review the scripts if you are in a sensitive environment, and run the skill from a trusted copy of the package.

What this means

The skill can use your AISA account quota/permissions to perform hosted searches and model calls.

Why it was flagged

The code sends the disclosed AISA API key as a bearer token to AISA-hosted endpoints. This is expected for the AISA-backed search and synthesis features.

Skill content
AISA_BASE_URL = "https://api.aisa.one"
...
"Authorization": f"Bearer {api_key}"

Recommendation

Use a dedicated or least-privileged AISA key if available, and avoid sharing the key in transcripts or saved output.

What this means

Your research topic and related query/context data may be sent to AISA and relevant hosted search providers.

Why it was flagged

The skill discloses that research planning, reranking, synthesis, web search, and some platform searches are routed through AISA-hosted services.

Skill content
Planning, reranking, synthesis, grounded web search, X/Twitter, YouTube and Polymarket are provided through AISA.

Recommendation

Do not use the skill for highly confidential research topics unless you are comfortable with the AISA/provider data flow.

What this means

A local config file may contain credentials or provider settings that affect future runs from that directory.

Why it was flagged

The skill can read a local repo/current-directory config file for API keys and options, and warns if that file is too broadly readable. This is disclosed and limited to configuration, not persistent agent memory.

Skill content
CONFIG_DIR = Path.cwd() / ".last30days-data"
CONFIG_FILE = CONFIG_DIR / "config.env"
...
_check_file_permissions(path)

Recommendation

Keep `.last30days-data/config.env` private, set restrictive permissions such as `chmod 600`, and do not place untrusted configuration files in working directories.