neroagent

Session Wrap-Up Premium

Author: NeroAgent · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 97
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install session-wrap-up-premium
Description
Premium session wrap-up: flush daily log, update MEMORY, update PARA, git commit + push, generate summary. Ensures zero context loss between sessions. Includ...
Safe usage recommendations
This skill is functionally coherent but potentially dangerous in practice. Before installing or running it:
- Do not run it in a repository or workspace that contains secrets, private keys, or sensitive files; the skill will run git add -A and git push automatically.
- Treat the commit_message input as untrusted: the script inserts it into a shell command using shell=True, making it vulnerable to command injection. Avoid passing untrusted text as commit_message or patch the script to use subprocess.run([...], shell=False) or a Git library (e.g., GitPython) to pass arguments safely.
- Prefer requiring explicit confirmation before committing/pushing. The current behavior is automatic by design and can cause accidental pushes.
- If you must use it, run it in an isolated test workspace first and inspect notes and memory files it will create.
- Consider these code fixes before use: escape/validate the commit message, call subprocess.run with a list (no shell=True), or use a native Git API to avoid shell interpolation; add an interactive confirmation step prior to git push; and limit the agent's ability to invoke the tool autonomously.
- Review your Git remote (origin) and credentials — the skill will use whatever is configured locally and could upload data to remote servers without additional prompts.
Because the implementation matches the described purpose but has clear unsafe handling of shell commands and automatic push behavior, I rate it as suspicious. If you want, I can produce a safe patch for git_commit_push and a checklist of runtime safeguards to reduce risk.
Functional analysis
Type: OpenClaw Skill
Name: session-wrap-up-premium
Version: 1.0.0
The skill is classified as suspicious due to a critical shell injection vulnerability in scripts/run.py, where the user-provided 'commit_message' is passed directly into a shell command via subprocess.run(shell=True). While the tool's behavior (automating git commits and updating workspace logs) aligns with its stated purpose, the combination of high-privilege 'danger_full_access' and unsafe command construction creates a significant security risk. No evidence of intentional malice or data exfiltration was detected.
Capability assessment
Purpose & Capability
The name/description match the implementation: the code appends session summaries to memory/YYYY-MM-DD.md, updates MEMORY.md and notes/areas/open-loops.md, and runs git add/commit/push. The PARA and summary features described in SKILL.md are implemented in the script.
Instruction Scope
The SKILL.md and run.py instruct the agent to modify workspace files and run git add/commit/push automatically with no confirmation. More importantly, git_commit_push builds a shell command using an unescaped user-supplied commit message and calls subprocess.run(..., shell=True) — this is a command injection vector. The skill also can write arbitrary content into notes files from provided inputs.
Install Mechanism
No install spec; this is an instruction-only skill with a bundled script. Nothing is downloaded from external URLs and no packages are installed during install-time.
Credentials
The skill requests no environment variables or credentials, which is consistent superficially. However, it performs git push using whatever Git credentials/remote are configured in the environment — it can therefore expose repository contents (including secrets) to the configured remote without explicit consent. Combined with the command-injection risk, this implicit use of existing credentials elevates the danger.
Persistence & Privilege
always is false and the skill does not claim to modify global agent config or other skills. It operates only on the current working directory (workspace), so it does not request elevated platform privileges.
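How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install session-wrap-up-premium
  3. Once installation completes, invoke the Skill by name or trigger it with /session-wrap-up-premium
  4. Provide the required inputs according to the Skill's parameter description to get structured output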
Version history
v1.0.0
Initial release — automated flush, commit, push, PARA update
Metadata
Slug session-wrap-up-premium
Version 1.0.0
License MIT-0
Total installs 0
Current installs 0
Historical versions 1
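Frequently asked questions

What is Session Wrap-Up Premium?

Premium session wrap-up: flush daily log, update MEMORY, update PARA, git commit + push, generate summary. Ensures zero context loss between sessions. Includ... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 97 cumulative downloads so far.

How do I install Session Wrap-Up Premium?

Run the command "/install session-wrap-up-premium" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Session Wrap-Up Premium free?

Yes, Session Wrap-Up Premium is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does Session Wrap-Up Premium support?

Session Wrap-Up Premium runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Session Wrap-Up Premium?

Developed and maintained by NeroAgent (@neroagent); the current version is v1.0.0.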
