claudeaceae/.claude/skills/diagnose-leaks
.claude/skills/diagnose-leaks/SKILL.md
--- name: diagnose-leaks description: Diagnose thinking trace leaks in Samara message output. Use when internal content appears in messages, session IDs leak to users, or thinking blocks become visible. Trigger words: leak, thinking trace, session ID, internal, sanitization, filtered. context: fork allowed-tools: - Bash - Read - Grep --- # Diagnose Thinking Trace Leaks Debug and verify the three-layer defense against internal content leaking into user-visible messages. ## Background Co
$ install --global
skillsauthnpx skillsauth add claudeaceae/samara-main .claude/skills/diagnose-leaksInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 24, 2026, 8:50 PM1.8s1 file scanned
SKILL.md
- name:
- diagnose-leaks
- description:
- Diagnose thinking trace leaks in Samara message output. Use when internal content appears in messages, session IDs leak to users, or thinking blocks become visible. Trigger words: leak, thinking trace, session ID, internal, sanitization, filtered.
- context:
- fork
Diagnose Thinking Trace Leaks
Debug and verify the three-layer defense against internal content leaking into user-visible messages.
Background
Complex group chat scenarios with multiple concurrent requests (webcam + web fetch + conversation) can cause internal thinking traces and session IDs to leak. This skill helps diagnose such issues.
Quick Diagnostics
1. Check for Recent Filtered Content
# Look for sanitization activity in logs (DEBUG level)
grep -i "Filtered from response" ~/.claude-mind/system/logs/samara.log | tail -20
# Check if sanitization is actively filtering
grep -E "(THINKING|SESSION_ID|ANTML)" ~/.claude-mind/system/logs/samara.log | tail -10
2. Verify MessageBus Routing
# All sends should go through MessageBus - look for source tags
grep -E "\[(iMessage|Location|Wake|Alert|Queue|Webcam|WebFetch)\]" ~/.claude-mind/system/logs/samara.log | tail -20
# Check for any direct sender bypasses (should NOT appear after fix)
grep "sender\.send" ~/Developer/samara-main/Samara/Samara/*.swift | grep -v MessageBus
3. Check Recent Episode Logs for Leaked Content
# Look for session ID patterns in episode logs (SHOULD NOT be there)
grep -E "\d{10}-\d{5}" ~/.claude-mind/memory/episodes/$(date +%Y-%m-%d).md
# Look for thinking block markers that escaped
grep -i "<thinking>" ~/.claude-mind/memory/episodes/$(date +%Y-%m-%d).md
4. Run Sanitization Tests
cd ~/Developer/samara-main/Samara
xcodebuild test -scheme SamaraTests -destination 'platform=macOS' 2>&1 | grep -E "SanitizationTests"
Leak Patterns to Watch For
| Pattern | Meaning | Fix |
|---------|---------|-----|
| 1234567890-12345 | Session ID leaked | Check sanitizeResponse() |
| <thinking>...</thinking> | Thinking block escaped | Check regex pattern |
| <invoke>...</invoke> | XML marker leaked | Check antmlPattern |
| Scrambled multi-response | Streams crossed | Check TaskRouter isolation |
Architecture Verification
Layer 1: Output Sanitization
- File:
Samara/Samara/Actions/ClaudeInvoker.swift - Method:
sanitizeResponse() - Filters:
<thinking>blocks, session IDs, XML markers
Layer 2: MessageBus Coordination
- File:
Samara/Samara/Actions/MessageBus.swift - All sends should use
messageBus.send()with type tag - Verify: No direct
sender.send()calls in main.swift
Layer 3: TaskRouter Isolation
- File:
Samara/Samara/Mind/TaskRouter.swift - Classifies: conversation, webcam, webFetch, skill tasks
- Isolates parallel tasks to prevent cross-contamination
If Leaks Are Found
- Identify the leak source from logs
- Check if it's a new pattern not covered by sanitization
- Add test case to
SanitizationTests.swift - Update sanitizeResponse() with new filter
- Rebuild Samara:
~/.claude-mind/system/bin/update-samara
Report Template
When reporting a leak issue:
- What content leaked (exact text)
- Context (group chat? concurrent tasks?)
- Timestamp (to correlate with logs)
- Log entries showing sanitization activity
- Whether tests pass
Related Skills
claudeaceae/.claude/skills/webhook
development
VerifiedTrustedCommunity
# /webhook --- name: webhook description: Manage webhook sources - list, add, test, and view incoming events context: fork triggers: - webhook - add webhook - create webhook - webhook setup - incoming webhooks --- Manage the webhook receiver system. Use this skill to add new webhook sources, test existing ones, and view incoming events. ## What You Can Do 1. **List sources** - Show all registered webhook sources 2. **Add source** - Create a new webhook source with secure secret 3.
9SKILL.mdUpdated Apr 16, 2026
claudeaceae/wallet
testing
VerifiedTrustedCommunity
Check crypto wallet balances, transaction history, and addresses
9SKILL.mdUpdated Apr 16, 2026
claudeaceae/.claude/skills/voice-call
testing
VerifiedTrustedCommunity
# /voice-call - FaceTime Voice Calling Place and receive FaceTime Audio calls with live transcription and voice/text responses. ## Quick Start ```bash # Full voice conversation (responds via FaceTime audio) ~/.claude-mind/system/bin/voice-call --voice-response # Call with text responses (via iMessage) ~/.claude-mind/system/bin/voice-call --text-response # Call a specific number ~/.claude-mind/system/bin/voice-call +15551234567 --voice-response ``` ## Prerequisites Run `audio-setup --check
9SKILL.mdUpdated Apr 16, 2026
claudeaceae/.claude/skills/sync
tools
VerifiedTrustedCommunity
--- name: sync description: Check for drift between repo and running system. Use when checking if scripts or Samara are out of sync, verifying system integrity, or before/after rebuilds. Trigger words: sync, organism sync, check drift, system drift, repo sync. context: fork allowed-tools: - Bash - Read - Grep --- # Sync Skill Check for drift between the repo and running system, and optionally fix it. ## What This Does Runs the `sync-organism` script to detect differences between: - `~/
9SKILL.mdUpdated Apr 16, 2026