Last30 Deep Research

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does the research work it advertises, but it deserves review because optional X/Twitter session credentials are passed to an external local command and reports are saved to disk by default.

Install only if you are comfortable sending research topics to the listed external services and saving reports in `~/Documents/Last30Days/`. Leave AUTH_TOKEN and CT0 unset unless you specifically want X/Twitter search, and verify the `bird` executable on your PATH before giving it session credentials.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection

Findings (7)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 92% confidence
Finding: The skill metadata indicates use of environment variables, shell execution, network access, and file read/write capabilities, but it does not declare explicit permissions or user-facing consent boundaries. In a research skill that reaches external services and auto-saves outputs, this creates an authorization transparency gap: the agent may access secrets and write files in ways the user did not clearly approve.

Description-Behavior Mismatch

Medium

Confidence: 91% confidence
Finding: The skill writes a report to `~/Documents/Last30Days` by default even though the user may expect ephemeral research output. This creates unannounced persistence of potentially sensitive user queries and gathered content on local disk, which can leak private research topics or regulated data to other local users, backups, or sync services.

Context-Inappropriate Capability

Medium

Confidence: 83% confidence
Finding: The skill invokes an external CLI (`bird`) to perform X/Twitter search, introducing an execution dependency and trust boundary not obvious from the skill description. This increases risk because the binary may be malicious, trojanized, or behave unexpectedly, and the skill passes sensitive auth tokens into it.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The trigger phrases include very generic patterns such as "research [topic]" and "[topic] vs [topic]," which are likely to match ordinary conversation unintentionally. In this skill, accidental activation is more risky because invocation can lead to network queries across multiple services and automatic report generation to disk.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill states that every run automatically saves a markdown report to `~/Documents/Last30Days/` without clearly warning the user at invocation time or requesting consent. Silent disk writes can leak sensitive research topics, create unwanted artifacts on shared systems, and surprise users who only expected an on-screen response.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The script uses `AUTH_TOKEN` and `CT0` to query X without any explicit user-facing disclosure, and passes them to an external CLI. In a skill context, silent use of account-linked authentication can surprise users and may expose their credentials or account activity through logs, process listings, or an untrusted helper tool.

Missing User Warnings

Low

Confidence: 88% confidence
Finding: The script silently creates a markdown file in the user's Documents directory, which is a user-safety and privacy issue even if not an exploit primitive by itself. In a research skill, stored reports may contain sensitive prompts, competitor analysis, or URLs that the user did not intend to persist locally.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal