[Beta] Cross-session analysis of accumulated .learnings/ files. Reads all entries, groups by pattern_key, computes recurrence across sessions, and outputs ra...
Security Analysis
high confidenceThe skill's instructions and requirements are coherent with its stated purpose: it reads .learnings/ entries and produces a gap report; it asks for no credentials or installs and does not perform unexpected actions.
Name/description (aggregate .learnings/ into promotion candidates) aligns with the runtime instructions. The skill only describes reading learning logs, grouping, ranking, and producing reports; it does not request unrelated binaries, cloud credentials, or external services.
SKILL.md explicitly instructs the agent to read all files under .learnings/ and to reference project instruction files (CLAUDE.md, AGENTS.md, .github/copilot-instructions.md). That behaviour is expected for this skill, but the skill declares no required config paths — confirm your agent runtime will grant exactly the intended file-read access and no broader filesystem privileges. The instructions do not direct data to external endpoints.
No install spec and no code files — instruction-only. This minimizes risk because nothing is downloaded or written by an installer.
The skill declares no environment variables, credentials, or config paths. That matches the described behavior (local aggregation of learning files).
always:false (default) and autonomous invocation is allowed (normal). The SKILL.md describes handoff to other agents (harness-updater, eval-creator) that may apply changes to project instruction files — verify those downstream agents and any automatic workflows are trusted and have appropriate write permissions and human review gates, otherwise the chain could cause unintended edits.
Guidance
This skill appears to do what it says, but check a few things before enabling it: (1) Confirm the agent runtime will be granted read access only to the intended .learnings/ location and any project files you permit; (2) Review .learnings/ for sensitive content before aggregation (these logs can contain secrets or private data); (3) If the suggested handoff agents (harness-updater, eval-creator) exist in your environment, ensure they require human review or have restricted write permissions so automated edits to CLAUDE.md / AGENTS.md cannot happen without oversight; (4) If you want stronger auditability, ask the skill author to declare required config paths in metadata so you can explicitly approve filesystem access.
Latest Release
v1.0.0
learning-aggregator 1.0.0 - Initial beta release. - Aggregates `.learnings/` files across sessions to identify recurring patterns and gaps. - Groups entries by pattern key, computes recurrence, and ranks promotion candidates. - Outputs structured gap reports with actionable recommendations. - Supports manual and scheduled runs, with filtering options by date, area, and recurrence. - Includes optional deep analysis by integrating raw session trace data.
More by @pskoett
Published by @pskoett on ClawHub
