ClawHub
Back to skill

Security audit

Session Feedback Analyzer

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims, but it reads broad local Claude session history and stores user-message excerpts by default.

Install only if you are comfortable with a local tool reading Claude Code session logs. Prefer running it with --no-snippets, a narrow --session-dir, and --skill-filter when possible. Treat feedback-store/feedback.jsonl and its archive as sensitive because they may contain conversation excerpts and project history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README instructs users to parse local Claude session logs from `~/.claude/projects/**/*.jsonl` and emit derived feedback records, but it does not prominently warn that these logs may contain sensitive prompts, code, secrets, or personal data. Because this skill is specifically designed to process private local session history and persist extracted results to `feedback-store/feedback.jsonl`, omission of privacy guidance increases the risk of unintentional disclosure, retention, or secondary reuse of sensitive data.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrase "feedback" is extremely broad and can match many unrelated user requests, causing accidental activation of a skill that scans session history and writes derived artifacts. Because this skill processes potentially sensitive logs, unintended invocation increases the chance of over-collection and privacy exposure.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The regex-like trigger "user.*feedback" is ambiguous and may match common requests about user feedback generally, not specifically session-log mining for skill analytics. This can route unrelated prompts into a skill that reads stored conversations and persists snippets, creating unnecessary data exposure.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger "analyze.*session" is broad enough to match many generic session-analysis tasks. Since this skill's default behavior includes reading historical sessions and producing persistent output, overbroad activation can lead to unintended analysis of sensitive conversation data.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The description does not clearly warn that default operation may collect and persist user message snippets from session data. Users and calling agents may therefore invoke the skill without understanding that natural-language excerpts from prior conversations can be stored in feedback artifacts, which is a privacy-sensitive default.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script persists session-derived user message snippets to a JSONL file on disk by default, and those snippets can contain sensitive or private user content from prior conversations. In this skill's context, it scans local Claude session histories across projects, so the privacy risk is elevated because the collected data may include secrets, internal project details, or personal information and there is no in-file user-facing disclosure or privacy-preserving default before storage.

Ssd 3

Medium
Confidence
96% confidence
Finding
The documented default behavior stores snippets of user responses from session logs into feedback.jsonl, creating a direct natural-language data leakage path. Session content can include secrets, personal data, internal code details, or other sensitive context, and persisting excerpts increases exposure, retention, and downstream reuse risk.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal