Session Wrap-Up
WarnAudited by ClawScan on May 10, 2026.
Overview
The skill’s wrap-up purpose is clear, but it automatically stages all workspace changes and pushes them to Git without confirmation, which could publish unintended or sensitive content.
Use this only in repositories where you are comfortable with automatic commits and pushes. Before installing or invoking it, consider changing the workflow to show a diff, stage only memory/notes files, and ask for confirmation before committing or pushing.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could commit and push unrelated, incomplete, or sensitive files to the repository remote when the user only asked to wrap up the session.
The skill tells the agent to stage all workspace changes and push them automatically, which is broad mutation and publication authority without a required user review.
git add -A git status git commit -m "wrap-up: YYYY-MM-DD session summary" git push Notes: - The wrap-up `git push` is **automatic** (no confirmation prompt).
Require an explicit confirmation step after showing git status and a diff, and narrow staging to the intended memory and notes paths instead of using git add -A.
The skill may use the user’s existing Git access to publish changes to a personal, team, or production repository without a final approval check.
A git push will use the user’s configured Git identity, remote, and credentials, but the skill does not bound which repository, branch, or account is affected.
git push Notes: - The wrap-up `git push` is **automatic** (no confirmation prompt).
Ask the user to confirm the target remote and branch before pushing, and document that the workflow uses the user’s existing Git credentials.
Conversation details and inferred preferences may persist across sessions and could be reused later, so sensitive topics should not be captured unintentionally.
The skill intentionally writes session details and user preferences into persistent memory files for future continuity.
Write to `memory/YYYY-MM-DD.md` ... Key topics discussed in this session ... update `MEMORY.md`: New user preferences discovered
Review memory updates before committing them, avoid recording secrets or sensitive personal data, and define retention or deletion expectations.