Back to skill
Skillv1.0.0
ClawScan security
Nm Sanctum Session Management · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 20, 2026, 12:01 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only helper for naming, checkpointing, and resuming Claude Code sessions; its instructions, lack of installs, and lack of credential requests are consistent with that purpose.
- Guidance
- This skill is a documentation-style helper for Claude Code session naming and resumption and appears internally consistent. It does assume you run it inside Claude Code and may call other Sanctum/Claude Code commands or skills (e.g., git-workspace-review, /debug). Before installing or using it: ensure you trust the Claude Code plugins it references (those other skills may access your workspace or repositories), keep sensitive data out of long-lived named sessions, and periodically clean old named sessions. No credentials are requested by this skill itself, but integrations like 'gh pr create' or other invoked skills may require tokens—review those plugins' permission needs before enabling them.
Review Dimensions
- Purpose & Capability
- okName, description, and commands (e.g., /rename, claude --resume) align with session checkpointing and resume workflows. It does not request unrelated binaries, credentials, or config paths.
- Instruction Scope
- noteSKILL.md stays within session-management workflows but references other Claude Code commands/skills (e.g., Skill(sanctum:git-workspace-review), /catchup, /debug) and describes session file behavior (compaction, transcripts). These references are expected for a session manager but mean the skill effectively assumes a Claude Code environment and other plugins/tools may be invoked.
- Install Mechanism
- okInstruction-only skill with no install spec and no code files—nothing is written to disk or downloaded by the skill itself.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. Mentions of integrations (gh pr create, resume from PR) are descriptive and do not ask for GitHub tokens or other secrets.
- Persistence & Privilege
- okalways: false and user-invocable: true. The skill does not request permanent presence or elevated privileges; it relies on the host Claude Code runtime to perform resume actions.