← 返回 Skills 市场
82
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install session-tools
功能描述
Manage Claude Code sessions: lookup ID, search, import, summarize, analyze, classify, compress, delete, repair, and rename sessions accurately.
安全使用建议
This skill is coherent with the described purpose (managing local Claude session files) but carries data-exfiltration and supply-chain risks you should understand before installing:
- Review pipelines: The "import" and pipeline features can send full session contents to other agents or to Serena memory. Sessions often contain secrets (API keys, tokens, private config). Do not run import/pipeline functions unless you trust the target agent/service and have inspected what will be sent. Prefer dry-run or --analyze-only modes first.
- Validate the filtering claim: The docs say sensitive data is filtered, but I couldn't find code that reliably strips secrets. Assume session content may include secrets unless you verify filtering logic yourself.
- Inspect scripts locally: The skill includes bash/python scripts that will modify files under ~/.claude/projects (dedup, repair, destroy, rename). Back up important sessions before running destructive commands; the skill already performs some backups, but manual backups are recommended.
- Be cautious with npx/UTCP registration: The docs show using `npx -y claude-sessions-mcp` to register an MCP tool — that will download and run remote npm code. Only do this if you trust the npm package and its source.
- Test in a safe environment: If possible, run the skill on non-sensitive test sessions or inside an isolated account/container first.
- Ask the author or maintainer: Request explicit documentation of what data is sent in import pipelines, what filtering is applied, and any credentials required by the MCP/Serena calls. If those answers are missing, treat pipeline features as high-risk.
If you want, I can (a) highlight the specific lines/files to inspect further (summarize-session.py, any code that constructs pipeline Task tools, and whether summarize/export code truncates or filters tokens), or (b) produce a checklist of safe-run steps before using each subcommand.
能力评估
Purpose & Capability
Name/description align with the provided scripts and docs: the skill reads, summarizes, repairs, compresses, renames and deletes local Claude session JSONL files under ~/.claude/projects and calls MCP tools for analysis/import. However, some claimed behaviors (e.g., "Sensitive information is automatically filtered") are asserted in docs but I found no code implementing robust filtering; also the skill instructs registration via npx (runtime package download) which is outside the narrow local file-management expectation and should be justified.
Instruction Scope
SKILL.md and the included scripts instruct the agent to read and modify session JSONL files in the user's home (~/.claude/projects), append custom-title records, move/delete files (destroy), and rewrite files (dedup/repair). Import pipelines and compress/summarize operations can deliver session content to other agents or Serena memory (mcp__serena__write_memory or Task-tool pipelines). Those actions legitimately belong to a session-management skill, but they can transmit arbitrary conversation content (which often contains API keys, tokens, or other secrets). The docs claim automatic filtering of sensitive info, but I found no corresponding implementation in the provided scripts, so the agent could unintentionally exfiltrate secrets.
Install Mechanism
There is no formal install spec (instruction-only), which reduces supply-chain risk. However docs instruct registering the claude-sessions-mcp via UTCP and show an npx-based command (npx -y claude-sessions-mcp) for runtime registration; using npx will fetch and execute remote npm code at runtime. That behavior is not codified in a declared install step and represents a moderate supply-chain risk if the remote package is untrusted.
Credentials
The registry metadata declares no required env vars or credentials, which is consistent with local file operations. But the skill expects (and can call) external MCP services and Serena memory, which typically require service endpoints/credentials that are not declared. More importantly, the skill's import/pipeline features can transmit session contents (potentially including secrets) to other agents or external storage — yet the skill does not require or document explicit safeguards or credentials for those targets. The claim that sensitive information is "automatically filtered" is unsubstantiated in the code.
Persistence & Privilege
The skill is not always-enabled and is user-invocable; it does not request system-wide persistent privileges. It does modify files in the user's ~/.claude workspace (expected for this kind of tool) and restarts the extension host when deleting sessions; those are within scope and documented. No 'always: true' or similar elevated privileges are requested.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install session-tools - 安装完成后,直接呼叫该 Skill 的名称或使用
/session-tools触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release: id, import, summarize, analyze, classify, compress, destroy, repair, rename topics
元数据
常见问题
Session Tools 是什么?
Manage Claude Code sessions: lookup ID, search, import, summarize, analyze, classify, compress, delete, repair, and rename sessions accurately. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 82 次。
如何安装 Session Tools?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install session-tools」即可一键安装,无需额外配置。
Session Tools 是免费的吗?
是的,Session Tools 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Session Tools 支持哪些平台?
Session Tools 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Session Tools?
由 es6kr(@drumrobot)开发并维护,当前版本 v0.1.0。
推荐 Skills