Session Manager
v0.1.0Manage Claude Code sessions: lookup ID, import, summarize, analyze, classify, compress, delete, migrate, repair, rename, and generate web URLs.
⭐ 0· 19·0 current·0 all-time
byes6kr@drumrobot
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims to manage local Claude Code sessions (lookup, compress, repair, migrate, delete, export). That purpose reasonably requires reading and writing session JSONL files under ~/.claude/projects and calling local CLI tools. However, the metadata declares no required binaries or config paths, while the SKILL.md and scripts assume availability of python3, bash, grep/jq/sed/stat, mv/rm, and access to the user's home directory (~/.claude/projects). This mismatch (implicit heavy filesystem/CLI requirements but none declared) is incoherent and should be disclosed.
Instruction Scope
Runtime instructions and bundled scripts perform direct, potentially destructive operations: moving/deleting session files, creating backups, overwriting files, deleting orphan tool_result messages, rebuilding parentUuid fields, and restarting IDE extension hosts. They also include pipelines that deliver session content to other agents (hookify, Serena) and recommend registering tools via npx. The skill sometimes claims 'sensitive information is automatically filtered' but there is no clear filtering implementation in the provided code. The instructions therefore go beyond mere inspection and grant broad discretion to modify or transmit user session data.
Install Mechanism
There is no install spec (instruction-only), which lowers supply-chain risk, but the skill's instructions suggest registering/using an MCP via `npx -y claude-sessions-mcp` and UTCP code-mode registration. If the agent executes those steps it would download and run code from npm at runtime. The code files included in the skill will be written to disk by the skill system (they exist in the bundle) and may be executed by the agent. This is not an automatic remote install, but it enables network installs if the agent follows the UTCP/`npx` instructions.
Credentials
The skill requests no environment variables or credentials, which superficially looks minimal, but it implicitly requires access to the user's home directory (~/.claude/projects), the ability to run local CLIs, and (for some features) to call MCP tools and write to Serena memory. Those filesystem and CLI privileges are effectively sensitive capabilities and are not enumerated in the metadata. Also, the skill describes sending session content to other agents/skills (hookify, Serena) without declared credentials or a clear, auditable filtering implementation.
Persistence & Privilege
always:false (normal). The skill can be invoked autonomously (platform default). Because the skill's operations include destructive file edits and deletion, autonomous invocation increases blast radius; this is not a platform misconfiguration but a user safety consideration. The skill does not modify other skills' configurations or request permanent installation privileges.
Scan Findings in Context
[pre-scan-injection-none-detected] expected: Static pre-scan flags contain no injection signals. This is consistent with a skill that is primarily local-file manipulation (many scripts) rather than obfuscated or obviously malicious payloads. Absence of findings does not imply safety given the destructive operations present.
What to consider before installing
This skill does what it says—it reads, rewrites, moves, compresses, and deletes your local Claude Code session files under ~/.claude/projects and can deliver session content to other agents. Before installing or allowing the agent to run it: 1) Review the included scripts (dedup-session.py, repair-session.py, destroy-session.sh, etc.) — they can permanently remove or alter messages and reconstruct parentUuid values. 2) Test only in a copy of your ~/.claude/projects directory (use dry-run flags where available). 3) Ensure you have current backups (the skill uses ~/.claude/projects/.bak but can overwrite backups). 4) Restrict autonomous invocation if you don’t fully trust the skill — the default allows the agent to run destructive operations. 5) Be cautious about allowing the agent to execute the suggested `npx` registration (it would download and run npm code). 6) If you proceed, verify presence of required local tools (python3, bash, grep, jq, sed, code/cursor CLI) and grant the least privilege necessary; consider auditing any outbound calls the skill makes (MCP/Serena/hookify) before sending session content externally.Like a lobster shell, security has layers — review code before you run it.
latest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
Session
Integrated skill for managing Claude Code sessions.
Topics
| Topic | Description | Guide |
|---|---|---|
| analyze | Session statistics, tool usage patterns, optimization insights | analyze.md |
| classify | Classify project sessions (delete/keep/extract) | classify.md |
| compress | AI-compress sessions via UTCP/code-mode | compress.md |
| destroy | Delete current session and restart IDE | destroy.md |
| id | Look up current session ID (UUID) | id.md |
| import | Pipeline session data to other agents/skills | import.md |
| migrate | Move sessions between projects (main repo → worktree) | migrate.md |
| rename | Assign and look up custom title for session | rename.md |
| repair | Restore session structure (chain, tool_result, UUID) | repair.md |
| summarize | View and summarize conversation content from other sessions | summarize.md |
| url | Generate claude-sessions web URL from session ID | url.md |
Quick Reference
Summarize (View/Summarize Sessions)
/session summarize # select project/session then summarize
/session summarize <session_id> # summarize a specific session
Import (Pipeline Delivery)
/session import --hookify # deliver to hookify
/session import --analyze # analysis pipeline
/session import --to <agent> # deliver to specific agent
Analyze (Session Analysis)
/session analyze # analyze current session
/session analyze <session_id> # analyze specific session
/session analyze --sync # sync to Serena memory
Classify (Session Classification)
/session classify # classify current project sessions
/session classify --depth=medium # required when classifying sessions scheduled for split
/session classify --execute # execute immediately after classification
⚠️ --depth=medium or higher required before split — fast only reads the last 3 messages, so it may miss different topics at the end of the session.
Migrate (Move Sessions Between Projects)
/session migrate # classify + move code sessions to worktree
/session migrate --dry-run # preview only
/session migrate <source> <target> # specify source/target projects
Classifies sessions as CODE/INFRA/TINY/READ, then moves CODE sessions to worktree project and optionally deletes TINY sessions.
Compress (Session Compression)
/session compress <session_id> # compress specific session
/session compress # batch compress sessions containing "hookEvent":"Stop"
Register claude-sessions-mcp with UTCP, then call via code-mode.
ID (Session ID Lookup + Keyword Search)
/session id # look up current session ID
/session id Makefile remove # search sessions by keyword
/session id --today ansible/Makefile # search only today's sessions by file path
Current session ID: output unique marker → search JSONL with find-session-id.sh → return UUID
Keyword search: grep project JSONL → sort by modification time descending → return most recent matching session
Destroy (Delete Session)
scripts/destroy-session.sh
Repair (Session Recovery)
/session repair # select session, then validate and repair
/session repair <session_id> # repair specific session
/session repair --dry-run # preview only
/session repair --check-only # validate only (no repair)
Repair targets:
- Broken chain (missing parentUuid)
- Orphan tool_result (no matching tool_use)
- Duplicate UUIDs
Rename (Naming a Session)
# Assign a name to a specific session
bash ~/.claude/skills/session/scripts/rename-session.sh <session_id> "name"
# Assign a name to the latest session in the current project
bash ~/.claude/skills/session/scripts/rename-session.sh "name"
# Check current title
bash ~/.claude/skills/session/scripts/rename-session.sh --show <session_id>
# List named sessions in current project
bash ~/.claude/skills/session/scripts/rename-session.sh --list
Project Name Conversion Rules
| Actual Path | Project Name |
|---|---|
/Users/david/works/.vscode | -Users-david-works--vscode |
/Users/david/Sync/AI | -Users-david-Sync-AI |
Rule: / → -, remove leading / from path
Requirements
- claude-code-sessions MCP server required
- Serena MCP server (when using analyze --sync)
Files
22 totalSelect a file
Select a file to preview.
Comments
Loading comments…