Ai Session Analysis
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is mostly purpose-aligned and local, but it reads sensitive AI-session history and inaccurately says terminal output is safe to share.
Review before installing. This skill appears designed to run locally and analyze exactly the AI-session logs it describes, but those logs may contain private prompts, commands, file paths, repository names, and project history. Do not share the HTML report, and also do not share terminal output unless you have checked it for raw commands, searches, errors, and project details.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your local coding-assistant history, including project names, file paths, commands, and usage patterns, may appear in reports or summaries.
The skill intentionally reads persistent local AI-assistant session records and can generate an HTML file containing sensitive work-history metadata. This is aligned with the stated purpose, but users should treat the outputs as private.
Scripts read directly from these paths... `~/.claude/projects/*.jsonl` | Full transcripts... `~/.claude/history.jsonl` | User input history... The HTML report (`generate_report.py`) embeds your session data directly — file paths, shell commands, project names, and tool usage patterns.
Run it only on machines and accounts where you are comfortable analyzing all matching session history, and do not share generated reports or raw output without reviewing them first.
A user could share terminal output believing it is only aggregate data, accidentally exposing sensitive commands, searches, or project context.
The documentation's safe-to-share claim is contradicted by code that prints raw sample shell commands and web-search queries, which can contain private paths, secrets, repository names, or work details.
SKILL.md: "The terminal-based scripts (`analyze.py`, `tool_analysis.py`) only print aggregate statistics and are safe to share." / scripts/tool_analysis.py: "print(f\"\n Sample commands:\")" ... "print(f\" $ {cmd[:150]}\")" and "for q in searches[:3]: print(f\" \\\"{q}\\\"\")"Treat terminal output as potentially sensitive too; the author should revise the Security Note or redact raw examples before printing.
The scripts can read local session files and write a report file when run.
The skill asks the agent or user to execute bundled local Python scripts. This is central to the skill's purpose and the provided code is stdlib-only, but it still runs with the user's local file permissions.
python3 ~/.claude/skills/ai-session-analysis/scripts/analyze.py python3 ~/.claude/skills/ai-session-analysis/scripts/tool_analysis.py python3 ~/.claude/skills/ai-session-analysis/scripts/generate_report.py [output.html]
Run the scripts intentionally, review their outputs before sharing, and use an output path you control for the HTML report.