atifact

Pass

Audited by ClawScan on May 16, 2026.

Overview

This instruction-only skill is coherent for converting user-selected session logs, but users should be aware it relies on an external npm CLI and can create files containing sensitive trajectory data.

This skill appears safe for its stated purpose if you intentionally choose the session log to convert and trust the external `atifact` npm CLI. Be cautious with HAR and JSONL logs because they can contain private prompts, tool outputs, request metadata, or other sensitive session details, and the generated trajectory files may preserve that information.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the package allows external code from npm to run on the user's machine when the CLI is used.

Why it was flagged

The skill depends on an external globally installed npm CLI, but the CLI implementation is not part of the provided artifact set. This is a normal setup pattern for a CLI wrapper skill, but users are trusting the npm package.

Skill content

If not installed, install globally:

```bash
npm install -g atifact
```

Recommendation

Install only from a trusted npm source, consider pinning or verifying the package version, and avoid running it on highly sensitive logs unless you trust the CLI.

What this means

The agent may execute the `atifact` command on the selected session log and create trajectory files at the chosen output path.

Why it was flagged

The skill instructs the agent to run a local command that reads a user-specified file and writes output files. This is central to the stated conversion purpose and is not hidden or overbroad.

Skill content

Run `atifact` with the input file. Use `-o` to set the output prefix (e.g., `atifact /path/to/session.har -o /path/to/session`).

Recommendation

Confirm the intended input file and output prefix before running the conversion, especially when logs are private or outputs are saved in shared folders.

What this means

Generated trajectory files may contain sensitive details from the original agent session and could expose them if shared or stored insecurely.

Why it was flagged

The skill transforms session recordings into persistent trajectory JSON. These artifacts may preserve conversation context, tool calls, observations, metadata, and timestamps.

Skill content

Convert agent session recordings (HAR files, Claude Code JSONL logs, Copilot CLI JSONL logs) into structured ATIF v1.6 trajectory JSON

Recommendation

Review generated trajectory files before sharing them and store or delete them according to the sensitivity of the original session logs.