neroagent

Session Wrap-Up Premium

by NeroAgent · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Downloads: 97
Stars: 0
Active Installs: 0
Versions: 1
Install in OpenClaw
/install session-wrap-up-premium
Description
Premium session wrap-up: flush daily log, update MEMORY, update PARA, git commit + push, generate summary. Ensures zero context loss between sessions. Includ...
Usage Guidance
This skill is functionally coherent but potentially dangerous in practice. Before installing or running it:
- Do not run it in a repository or workspace that contains secrets, private keys, or sensitive files; the skill will run git add -A and git push automatically.
- Treat the commit_message input as untrusted: the script inserts it into a shell command using shell=True, making it vulnerable to command injection. Avoid passing untrusted text as commit_message or patch the script to use subprocess.run([...], shell=False) or a Git library (e.g., GitPython) to pass arguments safely.
- Prefer requiring explicit confirmation before committing/pushing. The current behavior is automatic by design and can cause accidental pushes.
- If you must use it, run it in an isolated test workspace first and inspect notes and memory files it will create.
- Consider these code fixes before use: escape/validate the commit message, call subprocess.run with a list (no shell=True), or use a native Git API to avoid shell interpolation; add an interactive confirmation step prior to git push; and limit the agent's ability to invoke the tool autonomously.
- Review your Git remote (origin) and credentials: the skill will use whatever is configured locally and could upload data to remote servers without additional prompts.

Because the implementation matches the described purpose but has clear unsafe handling of shell commands and automatic push behavior, I rate it as suspicious. If you want, I can produce a safe patch for git_commit_push and a checklist of runtime safeguards to reduce risk.
Capability Analysis
Type: OpenClaw Skill
Name: session-wrap-up-premium
Version: 1.0.0
The skill is classified as suspicious due to a critical shell injection vulnerability in scripts/run.py, where the user-provided 'commit_message' is passed directly into a shell command via subprocess.run(shell=True). While the tool's behavior (automating git commits and updating workspace logs) aligns with its stated purpose, the combination of high-privilege 'danger_full_access' and unsafe command construction creates a significant security risk. No evidence of intentional malice or data exfiltration was detected.
Capability Assessment
Purpose & Capability
The name/description match the implementation: the code appends session summaries to memory/YYYY-MM-DD.md, updates MEMORY.md and notes/areas/open-loops.md, and runs git add/commit/push. The PARA and summary features described in SKILL.md are implemented in the script.
Instruction Scope
The SKILL.md and run.py instruct the agent to modify workspace files and run git add/commit/push automatically with no confirmation. More importantly, git_commit_push builds a shell command using an unescaped user-supplied commit message and calls subprocess.run(..., shell=True) — this is a command injection vector. The skill also can write arbitrary content into notes files from provided inputs.
Install Mechanism
No install spec; this is an instruction-only skill with a bundled script. Nothing is downloaded from external URLs and no packages are installed during install-time.
Credentials
The skill requests no environment variables or credentials, which is superficially consistent. However, it performs git push using whatever Git credentials/remote are configured in the environment; it can therefore expose repository contents (including secrets) to the configured remote without explicit consent. Combined with the command-injection risk, this implicit use of existing credentials elevates the danger.
Persistence & Privilege
always is false and the skill does not claim to modify global agent config or other skills. It operates only on the current working directory (workspace), so it does not request elevated platform privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install session-wrap-up-premium
  3. After installation, invoke the skill by name or use /session-wrap-up-premium
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release — automated flush, commit, push, PARA update
Metadata
Slug: session-wrap-up-premium
Version: 1.0.0
License: MIT-0
All-time Installs: 0
Active Installs: 0
Total Versions: 1
Frequently Asked Questions

What is Session Wrap-Up Premium?

Premium session wrap-up: flush daily log, update MEMORY, update PARA, git commit + push, generate summary. Ensures zero context loss between sessions. Includ... It is an AI Agent Skill for Claude Code / OpenClaw, with 97 downloads so far.

How do I install Session Wrap-Up Premium?

Run "/install session-wrap-up-premium" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Session Wrap-Up Premium free?

Yes, Session Wrap-Up Premium is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Session Wrap-Up Premium support?

Session Wrap-Up Premium is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Session Wrap-Up Premium?

It is built and maintained by NeroAgent (@neroagent); the current version is v1.0.0.
