安全决策报告

session-reflect

Name: session-reflect 可信度判断报告
Item: session-reflect
Rating: 55
Author: ClawSafe

Skill declares local-only processing but commands use undocumented shell subprocess to cat config and sync sessions; also accesses undocumented ~/.claude memory path.

安装决策优先来源: 手动上传扫描时间: 2026/4/3

文件 6

IOC 2

越权项 1

发现 3

最直接的威胁证据

为什么得出这个结论

1/4 个维度触发

阻止

声明与实际能力

发现 1 项声明之外的能力或越权行为。

复核

隐藏执行与外联

提取到 2 个一般风险产物，需要结合上下文判断。

通过

攻击链与高危发现

没有形成明确的恶意路径。

复核

依赖与供应链卫生

没有完整依赖信息，供应链判断需要保留弹性。

风险分是怎么被拉高的

Undocumented shell subprocess +20

Commands run 'python3 ~/coding/session-reflect/extract_sessions.py sync' and 'cat ~/.config/session-reflect/config.json' via shell - not declared in SKILL.md

Undeclared sensitive path access +15

commands/reflect/default.md:42 accesses ~/.claude/projects/-Users-wh-coding/memory/user_profile.md without disclosure

Hidden capability mapping +10

shell:WRITE capability required for subprocess but not declared in SKILL.md

最关键的证据

中危

Undeclared shell execution in command files

All three command files (default.md, drift.md, emerge.md) execute 'python3 ~/coding/session-reflect/extract_sessions.py sync' and 'cat ~/.config/session-reflect/config.json' via subprocess. SKILL.md declares filesystem:READ but does not mention shell execution capability.

commands/reflect/default.md, commands/reflect/drift.md, commands/reflect/emerge.md:3

Update SKILL.md to declare shell:WRITE capability and document the subprocess invocations.

中危

Undeclared memory path access

commands/reflect/default.md line 42 reads from ~/.claude/projects/-Users-wh-coding/memory/user_profile.md - a sensitive user profile path not mentioned in SKILL.md.

commands/reflect/default.md:42

Document this path access in SKILL.md or remove if not essential.

低危

Hardcoded username in path

Memory path contains hardcoded username 'wh-coding' which may not be portable across systems.

commands/reflect/default.md:42

Derive username dynamically or use environment variables.

声明能力 vs 实际能力

文件系统 通过

声明 READ

→

推断 READ

commands/reflect/default.md:42 reads ~/.claude memory path

命令执行 阻止

声明 NONE

→

推断 WRITE

Commands execute python3 and cat via shell

环境变量 通过

声明 NONE

→

推断 NONE

No direct env access

网络访问 通过

声明 NONE

→

推断 NONE

No network requests found

可疑产物与外联

中危外部 URL

https://www.youtube.com/watch?v=6MBq1paspVU

SKILL.md:115

中危外部 URL

https://clawskills.sh/skills/riley-coyote-continuity

SKILL.md:117

依赖与供应链

没有结构化依赖告警。

文件构成

6 个文件 · 1069 行

Python 1 个文件 · 542 行Markdown 5 个文件 · 527 行

需关注文件 · 2

SKILL.md Markdown · 117 行

https://www.youtube.com/watch?v=6MBq1paspVU · https://clawskills.sh/skills/riley-coyote-continuity

commands/reflect/default.md Markdown · 64 行

Undeclared memory path access · Hardcoded username in path

其他文件 · extract_sessions.py · reflect.md · emerge.md · drift.md

安全亮点

Sensitive data patterns (API keys, tokens, passwords) are properly redacted in session content

All processing writes locally to user-specified Obsidian Vault

No network exfiltration detected

No credential harvesting or data theft indicators

System prompts and boilerplate content are filtered

Code blocks are replaced with placeholders