Suspicious — Risk Score 45/100
Last scan: 2 days ago
session-reflect
Analyze Claude Code session history to generate self-observation journals
Skill declares local-only processing but commands use undocumented shell subprocess to cat config and sync sessions; also accesses undocumented ~/.claude memory path.
Skill Name: session-reflect
Duration: 33.2s
Engine: pi
Use with caution
Document all shell subprocess invocations in SKILL.md; clarify what data is read from ~/.claude memory path and why it's necessary.

Findings (3 items)

Severity: Medium
Finding: Undeclared shell execution in command files
All three command files (default.md, drift.md, emerge.md) execute 'python3 ~/coding/session-reflect/extract_sessions.py sync' and 'cat ~/.config/session-reflect/config.json' via subprocess. SKILL.md declares filesystem:READ but does not mention shell execution capability.
Evidence: python3 ~/coding/session-reflect/extract_sessions.py sync
→ Update SKILL.md to declare shell:WRITE capability and document the subprocess invocations.
Location: commands/reflect/default.md, commands/reflect/drift.md, commands/reflect/emerge.md:3

Severity: Medium
Finding: Undeclared memory path access
commands/reflect/default.md line 42 reads from ~/.claude/projects/-Users-wh-coding/memory/user_profile.md, a sensitive user profile path not mentioned in SKILL.md.
Evidence: cat ~/.claude/projects/-Users-wh-coding/memory/user_profile.md
→ Document this path access in SKILL.md or remove it if not essential.
Location: commands/reflect/default.md:42

Severity: Low
Finding: Hardcoded username in path
Memory path contains the hardcoded username 'wh-coding', which may not be portable across systems.
Evidence: ~/.claude/projects/-Users-wh-coding/memory/
→ Derive the username dynamically or use environment variables.
Location: commands/reflect/default.md:42
Resource      Declared  Inferred  Status        Evidence
Filesystem    READ      READ      ✓ Aligned     commands/reflect/default.md:42 reads ~/.claude memory path
Shell         NONE      WRITE     ✗ Violation   Commands execute python3 and cat via shell
Environment   NONE      NONE                    No direct env access
Network       NONE      NONE                    No network requests found
External URLs (2 findings)

Medium  External URL  https://www.youtube.com/watch?v=6MBq1paspVU  (SKILL.md:115)
Medium  External URL  https://clawskills.sh/skills/riley-coyote-continuity  (SKILL.md:117)

File Tree

6 files · 31.4 KB · 1069 lines
Python: 1 file · 542 lines; Markdown: 5 files · 527 lines
├─ 📁 commands
│  └─ 📁 reflect
│     ├─ 📝 default.md        Markdown   64L · 2.0 KB
│     ├─ 📝 drift.md          Markdown   49L · 1.2 KB
│     └─ 📝 emerge.md         Markdown   52L · 1.4 KB
├─ 🐍 extract_sessions.py     Python    542L · 16.7 KB
├─ 📝 reflect.md              Markdown  245L · 6.6 KB
└─ 📝 SKILL.md                Markdown  117L · 3.4 KB

Security Positives

✓ Sensitive data patterns (API keys, tokens, passwords) are properly redacted in session content
✓ All processing writes locally to user-specified Obsidian Vault
✓ No network exfiltration detected
✓ No credential harvesting or data theft indicators
✓ System prompts and boilerplate content are filtered
✓ Code blocks are replaced with placeholders