cc-handoff
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses the ~/.claude/projects directory to extract conversation history. While this directory contains sensitive user data, this access is fundamental to the skill's stated purpose of creating handoff artifacts. The script operates entirely locally and does not perform any network operations.
- [CREDENTIALS_UNSAFE]: The script implements a redaction system to mask API keys (OpenAI, GitHub, Stripe), tokens (Slack, Bearer, JWT), and password-like assignments within the transcripts before generating output files.
- [COMMAND_EXECUTION]: The skill involves the execution of a local Node.js script (extract-claude-transcript.mjs) to process the transcript files. The script uses standard file system modules and does not employ dynamic execution or shell spawning.
Audit Metadata