Session Wrap-Up
Security checks across malware telemetry and agentic risk
Overview
This is a plausible session wrap-up helper, but it automatically stages, commits, and pushes all workspace changes, which could publish unrelated or sensitive files without a final review.
Use this only in repositories where you are comfortable with the agent updating memory files and Git history. Before allowing the push behavior, change the workflow to stage only intended files, show the diff, and ask for confirmation.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Unrelated code, deletions, generated files, or secrets in the workspace could be committed and pushed to a remote repository during wrap-up.
`git add -A` stages all workspace changes, not just the memory or PARA notes, and the documented push happens without a confirmation prompt.
git add -A git status git commit -m "wrap-up: YYYY-MM-DD session summary" git push Notes: - The wrap-up `git push` is **automatic** (no confirmation prompt).
Require an explicit user confirmation after showing `git status` and a diff, and restrict staging to the specific memory/notes files the skill updated.
Remote repository changes may be made under the user's Git identity without a final approval step.
A successful `git push` uses the user's existing Git remote authority to change a repository, but the skill does not require explicit approval for that delegated action.
git push Notes: - The wrap-up `git push` is **automatic** (no confirmation prompt).
Make pushing optional, clearly identify the remote and branch, and ask the user to approve before using their Git permissions.
Session details may remain in local memory files and influence future sessions; if pushed, they may also leave the local machine.
The skill intentionally stores session details and user preferences in persistent memory and notes files, which is purpose-aligned but can retain sensitive or incorrect context for later use.
Write to `memory/YYYY-MM-DD.md` ... Commands, configs, or code that worked ... update `MEMORY.md`: New user preferences discovered ... Check and update the PARA structure in `notes/`
Review and redact memory entries before committing or pushing, especially for secrets, private project details, credentials, or sensitive configuration.