last30days

Warn

Audited by Socket on Feb 15, 2026

1 alert found:

Security: MEDIUM
SKILL.md

[Skill Scanner] Detected role reassignment attempt

The skill performs plausible, legitimate research/synthesis tasks, but it also requires elevated privileges (auto-detecting API keys; Bash/Read/Write; executing a local script in the user's home directory). These factors materially increase the risk of credential exposure or arbitrary code execution if the local script or its dependencies are malicious or tampered with.

Recommend: do NOT run the script without first reviewing the contents of scripts/last30days.py and any dependencies, remove or disable automatic key discovery unless explicitly consented by the user, and execute in an isolated/sandboxed environment. With those mitigations, the skill can be acceptable; without them treat it as suspicious and high-risk for credentials.

LLM verification: The skill's design is plausible for benign research use, but it contains operational behaviors that introduce substantive security risk: executing a local Python script with dynamic path resolution and automatic API key detection without scoping or integrity verification. These behaviors can enable credential harvesting and arbitrary code execution if the script or skill directory is compromised. No explicit malicious payload or obfuscated code is present in the provided SKILL.md fragment, but t

Confidence: 98%
Severity: 75%

Audit Metadata

Analyzed At: Feb 15, 2026, 09:14 PM
Package URL: pkg:socket/skills-sh/mvanhorn%2Flast30days-skill%2Flast30days%2F@4547a095bff8e3e1aec3ccf6f80d22c24c8ca74e