lastXdays

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: lastxdays
Version: 1.0.2

The `SKILL.md` instructs the OpenClaw agent to execute local Node.js scripts (`scripts/lastxdays_range.js`, `scripts/lastxdays_ingest.js`) and potentially `x-cli` with user-controlled input (the `topic`). Specifically, `node scripts/lastxdays_ingest.js` takes the user-provided topic as an argument. This creates a significant risk of shell injection (Remote Code Execution) if the `lastxdays_ingest.js` script or `x-cli` does not properly sanitize its command-line arguments before using them in a shell context. While the skill's stated purpose is benign, this direct execution of local scripts with unsanitized user input constitutes a critical vulnerability.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could fail or, if a matching relative script exists elsewhere, run code that was not shipped or reviewed with the skill.

Why it was flagged

The provided manifest contains only SKILL.md and says there are no code files, so this referenced helper is missing/unreviewed even though the skill instructs the agent to use it.

Skill content

Use this helper to ingest Reddit/X when possible:
- `node scripts/lastxdays_ingest.js --source=reddit|x --topic "..." --start YYYY-MM-DD --end YYYY-MM-DD --limit 40`

Recommendation

Bundle the helper scripts with the skill, pin and document their source, or change the instructions to use web-only fallback unless the user explicitly provides and approves a known helper path.

Concern (High Confidence)
ASI05: Unexpected Code Execution
What this means

Running a relative, absent helper can execute unintended local code if the working directory contains a same-named script.

Why it was flagged

The skill directs Node execution through a relative scripts/ path, but no such script is included in the instruction-only package.

Skill content

Helper for “last N days”:
- `node scripts/lastxdays_range.js <N>`

Recommendation

Avoid relative execution of missing helpers; use a bundled absolute skill path, verify the file before running, and ask the user before executing local code.

What this means

Installing or using the skill may lead the agent to rely on existing Reddit/X account credentials for read/search operations.

Why it was flagged

The skill discloses optional Reddit and X credentials for API ingestion; this is purpose-aligned but sensitive and not declared in registry metadata.

Skill content

Required environment variables (if you want API mode): ... `REDDIT_CLIENT_SECRET` ... `REDDIT_REFRESH_TOKEN` ... `REDDIT_USERNAME` + `REDDIT_PASSWORD` ... `X_BEARER_TOKEN`

Recommendation

Use least-privilege API credentials, prefer refresh tokens over passwords, and confirm which credentials will be used before enabling Reddit/X ingestion.

What this means

Private local X archive data could influence summaries or be quoted as links/items if ingestion is enabled.

Why it was flagged

The skill may read a local X archive as retrieved context. That is relevant to the research purpose, but local archives can contain private or user-specific content.

Skill content

then local archive at `~/clawd/data/x-archive/`, else returns `fallback:true`

Recommendation

Check what is in the local archive, restrict access to intended public data, and have the agent label archive-derived results clearly.