Back to skill

Security audit

Moss Last30Days

Security checks across malware telemetry and agentic risk

Overview

This is a coherent recent-research skill, but it can contact external AI/search services and save research artifacts locally.

Install only if you are comfortable sending research topics to OpenAI, xAI, Reddit, and web search providers when those modes are used. Avoid sensitive private topics, prefer environment variables or a secret manager for API keys when possible, and periodically review or delete ~/.config/last30days/.env, ~/.cache/last30days, and ~/.local/share/last30days/out if you do not want saved keys, caches, or raw research outputs on disk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill instructs the agent to use environment variables, read/write files under the user's home directory, invoke a Python script, and perform network-backed research, but it declares no explicit permissions. This creates a transparency and consent gap: a user may trigger the skill without realizing it can persist configuration and access local/env-backed secrets.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The module persistently writes generated reports and, optionally, raw provider responses into a predictable user-local directory without any indication here of consent, retention limits, or sensitivity filtering. For a research/synthesis skill, storing full outputs and raw upstream data expands the data exposure surface because prompts, URLs, snippets, and provider-returned metadata may remain on disk and be accessible to other local processes or later users of the account.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
Saving raw OpenAI, xAI, and enriched Reddit responses is riskier than saving normalized report content because raw payloads can include extra metadata, prompt content, or unexpected sensitive data returned by providers. That collection is broader than necessary for the stated purpose of synthesizing recent research, so it creates unnecessary local data retention and potential privacy leakage.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The metadata description uses very broad activation cues like researching any topic, learning current best practices, and what people are saying about X. Such generic triggers can cause the skill to activate during ordinary conversation, leading to unexpected network calls, script execution, or data access when the user did not explicitly request this workflow.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The statement "Research ANY topic across Reddit, X, and the web" defines an effectively unlimited scope without activation guardrails or topic restrictions. In practice, this increases the chance of over-broad autonomous behavior, including unnecessary external queries and handling of sensitive or risky topics without additional review.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The code writes reports and optional raw API payloads to disk with no visible warning, consent flow, or disclosure in this module, which can surprise users and lead to inadvertent retention of potentially sensitive research inputs and outputs. In the context of a tool meant to gather and synthesize current discussions, undisclosed persistence is more dangerous because collected content may include user topics, investigation interests, and provider-returned raw text that users reasonably expect to be transient.

Session Persistence

Medium
Category
Rogue Agent
Content
If the user wants to add API keys for better results:

```bash
mkdir -p ~/.config/last30days
cat > ~/.config/last30days/.env << 'ENVEOF'
# last30days API Configuration
# Both keys are optional - skill works with WebSearch fallback
Confidence
91% confidence
Finding
mkdir -p ~/.config/last30days cat > ~/.config/last30days/.env << 'ENVEOF' # last30days API Configuration # Both keys are optional - skill works with WebSearch fallback # For Reddit research (uses Ope

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.