Checkpoints

Review

Audited by ClawScan on May 10, 2026.

Overview

This instruction-only skill is a coherent audit-log helper, but it may save prompts and conversation details with git commits, so users should redact sensitive content and control whether checkpoints are shared.

Install only if you want AI-code audit trails tied to git commits. Before using it, decide whether checkpoint files should stay local or be committed, redact secrets and private conversation details, and use any external checkpoint service only if it is approved for your project.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Private prompts, secrets accidentally pasted into chat, or internal project details could be saved into checkpoint files and later reused or shared.

Why it was flagged

The skill explicitly tells the agent to persist AI-generation context, including prompts, conversation material, rationale/steps, decisions, and metadata. That is purpose-aligned for auditability but can contain sensitive project or user information.

Skill content

Automatically record the full context of AI-generated code ... prompts, conversation logs, reasoning steps, decision logic ... metadata

Recommendation

Store concise summaries rather than raw conversation logs, redact secrets before saving, avoid recording hidden/system instructions or private internal reasoning, and keep checkpoint files local unless the user or team explicitly wants them versioned.

What this means

Checkpoint data could leave the local repository and be stored by another tool or service.

Why it was flagged

The skill allows using an external checkpoints tool or service to upload the captured context. This is disclosed and optional, but the uploaded data may include sensitive prompts or conversation summaries.

Skill content

If an existing Checkpoints tool or service is available, upload the above content via that tool's API/CLI

Recommendation

Only use approved checkpoint services, confirm the destination and access controls, and redact sensitive information before any upload.

What this means

The repository may gain checkpoint files, commit-message references, or tags containing audit metadata.

Why it was flagged

The workflow can involve committing code and writing checkpoint files or references. This is central to the stated git-audit purpose, but it mutates the repository and should remain user-directed.

Skill content

If not yet committed, commit first and obtain the commit hash; then write the checkpoint file or call the external tool

Recommendation

Confirm with the user before committing or adding checkpoint artifacts, and keep generated files in a clearly named, project-approved location such as .checkpoints/ or docs/checkpoints/.