Last 30 Days
v1.0.0Research any topic from the last 30 days on Reddit + X + Web, synthesize findings, and write copy-paste-ready prompts. Use when the user wants recent social/web research on a topic, asks "what are people saying about X", or wants to learn current best practices. Requires OPENAI_API_KEY and/or XAI_API_KEY for full Reddit+X access, falls back to web search.
⭐ 27· 7.6k·93 current·104 all-time
by@zats
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description match the code: the package performs Reddit + X + web research for the last 30 days. The files implement searching, enrichment, normalization, deduplication, caching, and model selection. Requested capabilities (OPENAI/XAI keys) are exactly what the code uses and the SKILL.md documents them as optional.
Instruction Scope
SKILL.md instructs the agent to run the bundled Python script, create a config at ~/.config/last30days/.env, and to avoid asking the user about the target tool before research. The instructions are prescriptive and include rules (e.g., 'USE THE USER'S EXACT TERMINOLOGY', 'DO NOT output "Sources:" list') that influence agent behavior. A prompt-injection pattern was detected in SKILL.md; while the file otherwise remains within the research scope, those persuasive directives merit manual review because the SKILL.md is the runtime instruction set the agent will follow.
Install Mechanism
No install spec is provided (instruction-only install), so nothing is downloaded during install. The skill ships Python code that the agent will execute locally; that is expected for this kind of skill. There are no remote installers or downloads in the manifest.
Credentials
The only credentials the code uses are OPENAI_API_KEY and XAI_API_KEY (both optional per SKILL.md). The code reads/writes only skill-specific config/cache under the user's home (~/.config/last30days, ~/.cache/last30days). No unrelated secrets or system credentials are requested.
Persistence & Privilege
always is false and the skill does not request elevated privileges or modify other skills. It will create local config and cache files under the user's home directory, which is ordinary for a local tool. Autonomous invocation is allowed (platform default) — combine that with the prescriptive SKILL.md when deciding whether to allow it to run without supervision.
Scan Findings in Context
[prompt-injection:you-are-now] unexpected: The pre-scan detected a prompt-injection pattern inside SKILL.md. The visible SKILL.md is highly prescriptive and contains instructions intended to control agent behavior; this can be normal for skills but the presence of an injection-style pattern should be reviewed manually to ensure no hidden or coercive instructions are present.
What to consider before installing
This skill appears to do what it says: local Python code searches Reddit/X (when you provide API keys) and the web, then synthesizes findings. Before installing or running it: 1) Review SKILL.md and the shipped Python files yourself (or in a sandbox) because the skill will execute code locally and follows the SKILL.md as its runtime instructions. 2) The skill can create ~/.config/last30days/.env and ~/.cache/last30days — store any API keys there only if you trust the source; prefer environment variables or ephemeral keys. 3) The pre-scan flagged a prompt-injection pattern in SKILL.md; inspect the full SKILL.md for any hidden or manipulative directives (especially ones that tell the agent to ignore user input or hide sources). 4) If you plan to let agents invoke this skill autonomously, consider running it first in mock mode (--mock) or in an isolated/containerized environment and avoid granting unnecessary API keys until you are comfortable with its outputs. 5) If you need higher assurance, request the skill author/source or run the code review in a secure environment. The overall footprint is coherent with the described purpose, but the prescriptive/injection-like instructions justify caution.Like a lobster shell, security has layers — review code before you run it.
latestvk97fvdq3pmrtznsbr1qh2kb0057zymf1
License
MIT-0
Free to use, modify, and redistribute. No attribution required.