← Back to Skills Marketplace

Last30days Skill

Name: Last30days Skill
Author: johnsondevops

by johnsonDevops · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

3965

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install last30days-skill

Description

Research a topic from the last 30 days. Also triggered by 'last30'. Sources: Reddit, X, YouTube, web. Become an expert and write copy-paste-ready prompts.

Usage Guidance

Install only if you are comfortable with the skill reading X/Twitter browser session cookies for authenticated search, sending your research topics to the listed providers, and keeping reports/raw responses locally. Avoid sensitive or confidential topics unless you first disable cookie-based X search and review or clear the output/cache/database files.

Capability Analysis

Type: OpenClaw Skill Name: last30days-skill Version: 1.0.0 The skill is classified as suspicious due to several high-risk capabilities and vulnerabilities, despite its stated benign purpose. The most critical concern is a potential shell injection vulnerability in `SKILL.md` where user-controlled `$ARGUMENTS` are passed directly to a `bash` command executing `scripts/last30days.py`. While the Python script itself uses `argparse` to mitigate direct injection within Python, the initial `bash` execution is vulnerable if the OpenClaw agent does not sanitize `$ARGUMENTS`. Additionally, the vendored Node.js module (`scripts/lib/vendor/bird-search/`) accesses browser cookies for X.com authentication and dynamically fetches/executes JavaScript from X.com to update API endpoints, posing a supply chain vulnerability if X.com were compromised. The broad `Bash` and `Write` tool permissions in `SKILL.md` further amplify these risks.

Capability Assessment

⚠ Purpose & Capability

The core purpose is coherent: it researches recent topics across Reddit, X, YouTube, and web sources. The material concern is that X search resolves auth_token and ct0 from local Safari/Chrome/Firefox browser cookies by default and sends them as an authenticated Twitter/X GraphQL session, while SKILL.md also says it does not access the user's X account.

ℹ Instruction Scope

The skill is intentionally broad, covering any topic and using Bash, Read, Write, AskUserQuestion, and WebSearch. It is user-invocable and has disable-model-invocation set, which reduces accidental autonomous use, but the open variant accepts natural-language watchlist commands and should be used deliberately.

ℹ Install Mechanism

Installation is documented as a git clone plus local API-key configuration. Older planning docs mention global npm installation, but the current runtime vendors the Bird search wrapper and install_bird is a no-op, so those plan-file install concerns are not active behavior.

⚠ Credentials

The skill needs network and local execution for its stated purpose, but it reads local API-key config, may read browser cookie stores for X auth, calls multiple third-party providers, and writes reports plus raw provider responses to local disk. Those capabilities are powerful but only partly surfaced in the top-level security text.

⚠ Persistence & Privilege

One-shot mode writes report and raw response files under ~/.local/share/last30days/out, cache files under ~/.cache/last30days, and the open/watchlist mode stores accumulated findings and briefings in SQLite/local JSON. Scheduling is not automatic without cron or another external runner, but the persistence is broad enough to require explicit user awareness.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install last30days-skill
After installation, invoke the skill by name or use /last30days-skill
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

last30days-skill v1.0.0 — Initial Release - Enables research on any topic discussed in the last 30 days across Reddit, X, YouTube, and the web. - Automatically parses user intent to identify topic, target tool, and research type before any research begins. - Transparently displays parsed user intent to confirm understanding before running research scripts. - Performs a comprehensive foreground research script combining recent Reddit/X/YouTube data, followed by focused WebSearch. - Synthesizes findings to deliver actionable, copy-paste-ready prompts or insights, grounded in up-to-date, real-world discussions.

Metadata

Slug last30days-skill

Version 1.0.0

License —

All-time Installs 32

Active Installs 32

Total Versions 1

Frequently Asked Questions

What is Last30days Skill?

Research a topic from the last 30 days. Also triggered by 'last30'. Sources: Reddit, X, YouTube, web. Become an expert and write copy-paste-ready prompts. It is an AI Agent Skill for Claude Code / OpenClaw, with 3965 downloads so far.

How do I install Last30days Skill?

Run "/install last30days-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Last30days Skill free?

Yes, Last30days Skill is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Last30days Skill support?

Last30days Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Last30days Skill?

It is built and maintained by johnsonDevops (@johnsondevops); the current version is v1.0.0.

More Skills