Trust Assessment
last30days received a trust score of 34/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 1 critical, 2 high, 1 medium, and 0 low severity. Key findings include Unsafe environment variable passthrough, Credential harvesting, Suspicious import: urllib.request.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on July 1, 2026 (commit a4d31ad1). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Credential harvesting Reading well-known credential environment variables Skills should only access environment variables they explicitly need. Bulk environment dumps (os.environ.copy, JSON.stringify(process.env)) are almost always malicious. Remove access to Keychain, GPG keys, and credential stores. | Manifest | skills/last30days/scripts/lib/env.py:41 | |
| HIGH | Unsafe environment variable passthrough Access to well-known credential environment variables Minimize environment variable exposure. Only pass required, non-sensitive variables to MCP servers. Use dedicated secret management instead of environment passthrough. | Manifest | skills/last30days/scripts/lib/env.py:41 | |
| HIGH | Command Injection via Shell Argument Expansion The skill instructions in SKILL.md direct the host LLM to execute a local Python script by passing user-controlled search terms directly into a shell command using double quotes: `python3 ./scripts/last30days.py "$ARGUMENTS" --emit=compact 2>&1`. Because double quotes in bash allow command substitution (`$(...)` and `` `...` ``) and variable expansion, a malicious user input or a prompt injection from a researched web page can execute arbitrary shell commands on the host system running Claude Code. Avoid passing user-controlled arguments directly into shell commands. Instead, pass the arguments via environment variables, read them from standard input, or use a safe execution API that does not invoke a shell. | LLM | SKILL.md:104 | |
| MEDIUM | Suspicious import: urllib.request Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/last30days/scripts/lib/http.py:8 |
Scan History
Embed Code
[](https://skillshield.io/report/770ab33e9156c573)
Powered by SkillShield