buildlog
ReviewAudited by ClawScan on May 10, 2026.
Overview
This skill is transparent about recording and sharing coding sessions, but users should review settings because buildlogs may include file contents and be public when uploaded.
Install only if you are comfortable with a session-recording tool. Treat buildlogs like publishable artifacts: keep them private by default for sensitive projects, avoid recording secrets, consider turning off file-content snapshots, and review contents before uploading.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private source code, prompts, terminal output, or secrets accidentally present in a session or file could be captured and shared.
The skill is designed to persist session context and file snapshots, and the example configuration makes included file contents and public buildlogs the default.
"captures your AI-assisted coding sessions in real-time" ... "includeFileContents": true ... "defaultPublic": true
Before recording or uploading, set buildlogs private if needed, consider disabling file-content snapshots, and review/redact sensitive material.
If the user uploads or enables autoUpload, recorded work may leave the local environment and be shared externally.
The skill can send recorded session data to an external service, but this is disclosed, purpose-aligned, and auto-upload is documented as disabled by default.
"Upload the buildlog" — Push to buildlog.ai; "Share the buildlog" — Upload and get a shareable link; "autoUpload": false
Keep autoUpload disabled unless you intentionally want automatic sharing, and confirm the buildlog contents before upload.
A configured API key could allow access to the user's buildlog.ai account features if mishandled.
The skill may use a buildlog.ai API key, which is expected for an upload/share integration and is disclosed in configuration.
"apiKey": "your-api-key" ... "Your buildlog.ai API key (optional for public uploads)"
Use a dedicated or limited-scope API key if available, store it securely, and avoid sharing configuration files containing the key.