claude-tracker-suite

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies extensively on shell command execution and script invocation to manage session lifecycles and automate terminal applications.
  • Evidence: JS and Bash scripts in the scripts/ directory use child_process.execSync, spawnSync, and osascript to interact with system tools and the cmux CLI.
  • [DATA_EXFILTRATION]: The skill accesses sensitive conversation transcripts and project history stored in the ~/.claude/ directory. While this is the intended purpose of the skill, it involves reading potentially private code and metadata.
  • Evidence: scripts/search-sessions.js and scripts/list-sessions.js parse JSONL files in the project session directories to extract message content and summaries.
  • [PROMPT_INJECTION]: The skill displays content from historical session transcripts (JSONL files), which represents an indirect prompt injection attack surface if those transcripts contain malicious instructions.
  • Ingestion points: ~/.claude/projects/*/*.jsonl (session history transcripts read by search and list tools).
  • Boundary markers: Absent; transcript content is displayed directly in the terminal output.
  • Capability inventory: The skill has permissions to execute arbitrary shell commands via the platform's Bash tool and its own scripts.
  • Sanitization: search-sessions.js includes a NOISE_PATTERNS filter to ignore standard system context files like CLAUDE.md and MEMORY.md during searches.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 04:39 PM
Security Audit — agent-trust-hub — claude-tracker-suite