Codesession
PassAudited by ClawScan on May 1, 2026.
Overview
Codesession appears to be a coherent local tracking tool for AI coding sessions, with expected notes around installing a global CLI and storing session history locally.
This skill looks reasonable for tracking AI coding-session costs and activity. Before installing, be comfortable with a global npm CLI recording local session history, changed files, commits, notes, and AI usage data under ~/.codesession, and remember to end sessions or clear data when you do not want tracking to continue.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill gives the agent access to run the locally installed cs command from the npm package.
The skill relies on installing and running a globally available npm CLI package. This is expected for the tool, but the user must trust that package as the executable implementation.
node | package: codesession-cli | creates binaries: cs
Install from the intended npm package source and review the package or repository if you require stronger supply-chain assurance.
The agent may run tracking commands during multi-step work without asking each time.
The skill explicitly expects the agent to invoke the CLI automatically for tracking. This matches the purpose, but it is still autonomous local tool use.
The OpenClaw agent will automatically use it to track sessions.
Use this skill if you want automatic session tracking; otherwise disable or avoid invoking it for tasks where you do not want local activity recorded.
Local session history may contain project names, changed file paths, commits, notes, token counts, and cost information.
The skill persists session data locally, including usage and project activity, which can be reused in dashboards, exports, and historical views.
Data is stored locally at `~/.codesession/sessions.db`.
Review and clear the local database when needed, and avoid adding sensitive information to session notes.
If interactive mode is used, local monitoring of file and git activity can continue until the process or session is ended.
The skill discloses a long-running local watcher mode. This is purpose-aligned for tracking but should be noticed because it continues monitoring until stopped.
Without `--json`, the process stays running with a live file watcher and git commit poller until you press Ctrl+C or run `cs end`
Prefer the documented agent JSON mode for short-lived command execution, and run `cs end` or stop the process when tracking is no longer needed.