Session Reflect
v0.2.1Analyze Claude Code session history to generate self-observation journals, detect goal drift, and surface hidden behavioral patterns. Outputs to Obsidian Vault.
⭐ 1· 45·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (session analysis → Obsidian) match the code and SKILL.md: the script discovers ~/.claude/projects/*.jsonl, extracts user messages, sanitizes them, and writes markdown into the user-specified Obsidian Vault. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Instructions explicitly tell the agent to read both auto-synced '对话记录' and the user's Obsidian notes (recent files) to produce analyses. This is coherent with the stated purpose, but it means the skill will read arbitrary user notes (which may contain sensitive material). The script implements regex-based redaction and truncation, but regex redaction is not perfect — users should assume the tool can see any plaintext stored in the Vault and in Claude session files.
Install Mechanism
No install spec is embedded in the skill bundle; it's instruction-only and includes the python script. SKILL.md suggests a git clone from a GitHub repo if the user wants, which is normal but optional. The included code contains no network calls or download behavior. Note: running the optional git clone would fetch external code and should be treated like any third-party repository.
Credentials
The skill requires no environment variables, credentials, or privileged config paths. It reads files under the user's home directory (~/.claude/projects, the Obsidian Vault) and stores state under ~/.config/session-reflect, which are proportional to its function.
Persistence & Privilege
The skill is not marked always:true and doesn't request elevated system privileges. It writes its own config/state under ~/.config/session-reflect and creates folders inside the user-specified Vault — this is expected. Because model invocation is allowed (default), the agent can invoke the skill autonomously; combined with the skill's access to personal notes, that increases potential blast radius, but this is a normal platform behavior rather than a specific flaw in the skill.
Assessment
This skill appears to do what it says: locally extract Claude session content and analyze your Obsidian notes to produce reflection journals. Before installing/running: 1) Review extract_sessions.py yourself (it's included) to be comfortable that no unexpected network/upload calls are present; 2) Be aware the tool reads your entire Vault and recent Claude sessions — if you store secrets or sensitive data there, redact or move them first (the script attempts regex-based redaction, but that is not foolproof); 3) If you follow the optional 'git clone' install step, treat that repository like any third-party code (review it first); 4) Back up your Vault before initial backfill; 5) Consider when/if you allow the agent to invoke this skill autonomously, since autonomous use + access to your notes increases impact. If you want higher assurance, run the included script in an isolated environment or inspect/modify the sanitization rules to match your threat model.Like a lobster shell, security has layers — review code before you run it.
journalingvk9760bavhqdndscq6nyd09k155845kcalatestvk9706cjm358f3n72kwqh0jst0184ay9qobsidianvk9760bavhqdndscq6nyd09k155845kcapersonal-growthvk9760bavhqdndscq6nyd09k155845kcaself-reflectionvk9760bavhqdndscq6nyd09k155845kcasession-analysisvk9760bavhqdndscq6nyd09k155845kca
License
MIT-0
Free to use, modify, and redistribute. No attribution required.