Apply Learnings

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is not obviously malicious, but it can read broad Claude session history and save changes into long-lived agent memory and skills, so users should review scope and proposed edits carefully.

Before installing or invoking this skill, decide how much session history you are comfortable analyzing. Prefer narrow scopes, inspect all proposed memory or skill edits, and avoid saving secrets, private user details, or one-off instructions into global memory.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Private project details, personal information, or sensitive snippets from past sessions could be summarized into memory and reused or synced in future environments.

Why it was flagged

The skill can analyze broad historical session content and persist derived context into long-lived, cross-machine memory, but the visible instructions do not specify redaction, exclusions, or retention controls.

Skill content

"All sessions" - Complete history across all projects ... "~/.claude/MEMORY.md" ... "synced via TerraBlob to all machines"

Recommendation

Use the narrowest scope possible, review every proposed learning before saving it, and remove secrets, personal data, or temporary context from MEMORY.md and CLAUDE.md.

What this means

A bad saved rule could repeatedly steer Claude toward the wrong tools, coding conventions, or project behavior across future tasks.

Why it was flagged

The skill can turn extracted learnings into persistent edits to global/project instructions and skills; an incorrect or poisoned learning could affect many later sessions or workflows.

Skill content

"Existing skill reference" ... "Project CLAUDE.md" ... "New skill" ... "Apply as proposed — write to the suggested destination"

Recommendation

Approve only specific, accurate learnings; prefer project-specific destinations; keep backups or diffs of edited memory and skill files so changes can be reverted.

What this means

The script will inspect local Claude session files according to the selected scope.

Why it was flagged

The skill asks the agent to run a local Python script. This is expected for its purpose, and the workflow asks the user to choose scope, but it is still local code execution over sensitive session data.

Skill content

python3 ~/.claude/skills/apply-learnings/scripts/analyze_session.py --scope <scope>

Recommendation

Run it only from the installed skill path you trust, and choose current-session or current-project scope unless broader history is truly needed.