Skill Extractor A developer released skill-extractor, an open-source tool that mines coding agent transcripts to generate reusable skills, scoring candidates by confidence and utility while redacting secrets and requiring user approval before installation. The tool runs locally, supports VS Code and CLI review, and aims to eliminate repetitive agent instructions without sending sensitive data to remote models by default. Mine reusable skills from your coding agents' transcripts. Works with Claude Code , OpenAI Codex CLI , and any other agent via a small exporter. Every candidate is scored by confidence and utility , weighted by how the trace it came from actually turned out successful / meh / failed , and only the strong, novel ones are surfaced for your review. You approve, edit, or reject each one from a VS Code panel or the /review-skills command. Approved skills are written as real SKILL.md files; every candidate, approved or not, is kept so mining keeps improving.I kept telling my coding agent the same things: run the tests before saying it's done, stop hardcoding ports in parallel test suites, reuse fixes we had already worked out. By the next session, those patterns were gone. Skills solve this, but writing one by hand after finishing a task is extra work most people skip. Agent platforms usually answer with built-in memory: the agent learns from your sessions, its behavior changes, and you don't see exactly what it learned. I didn't want that running over transcripts with my code, infrastructure details, and occasional pasted secrets. skill-extractor makes that process visible. It runs on your machine, keeps state as plain JSONL, pattern-redacts secrets before anything reaches a model, and only installs a persistent instruction after risk lint and your approval. The result is a markdown skill you can open, edit, or delete. For one developer, it turns repeated fixes into reusable skills. For a team, it produces reviewable material for a shared skill catalog using-this-on-a-team . ./install.sh macOS: launchd timer + VS Code panel + /review-skills then in VS Code: Cmd+Shift+P - "Developer: Reload Window" Not on macOS? The engine is portable; run it under any supervisor: python3 engine/extractor.py --loop 1800 mine every 30 min, forever Review from wherever you work: the VS Code panel pops up when skills are discovered, /review-skills runs the same flow in Claude Code, and python3 engine/review.py list is the raw CLI. Interval, model, scope, and sources live in config.json SKILL EXTRACTOR INTERVAL=900 ./install.sh changes the timer . Be clear-eyed about what this tool is. It is a loop with three powerful parts: - It mines your private agent traces. Your transcripts contain your code, your infrastructure names, your mistakes, and sometimes pasted secrets. Reading and segmentation happen entirely on your machine; state files are created 0600 in 0700 directories. Keep projects you cannot afford to leak out of mining altogether with scope / exclude projects . - It may send excerpts to a remote LLM. The mining prompt transcript excerpts: user messages, tool inputs and outputs goes to the backend you configure. Secret redaction is on by default: private keys, JWTs, AWS/API keys, bearer tokens, SECRET= / TOKEN= env lines, and URL-embedded passwords become redacted:... before any prompt leaves the process. Redaction is pattern-based and best-effort, not a guarantee. The default backend is your local claude CLI, which means Anthropic's API; any other backend requires an explicit ack command backend: true . For zero egress , point the command backend at a local model: "mining backend": "command", "mining command": "ollama", "run", "llama3" , "ack command backend": true - Installed skills change your agent's future behavior. A mined skill is model output; once installed it is a persistent instruction your agent will follow in later sessions. Every install therefore runs a risk lint pipe-to-shell bootstraps, credential-file access, disabled safety flags, exfiltration shapes, hidden persistence, prompt-injection phrasing, broad destructive commands . Flagged skills refuse to install until you explicitly acknowledge the findings --acknowledge-risk on the CLI, a modal confirmation in VS Code , and the acknowledgement is recorded in decisions.jsonl . The lint surfaces risk; it does not certify safety. Installing a skill is closer to merging code than dismissing a notification. Treat it that way. Private traces in, model in the middle, agent instructions out. The defaults are privacy-first, but the loop is only as safe as your review of what you install and your choice of what to mine. Details: SECURITY.md /surenode-ai/skill-extractor/blob/main/SECURITY.md . Multiple agents, one queue. Pluggable trace sources share one cursor, one budget, and one review queue: claude code , codex project identity from the session cwd , imported sessions skipped to avoid double-mining, exec exit codes feed outcome scoring , and jsonl dir for any other agent via a ~30-line exporter to the canonical record shape. Six skill categories , not just technical procedures: techniques, workflows, standing preferences, guardrails learned from failures, automations, domain knowledge. Outcome-weighted scoring. Candidates from traces that demonstrably worked score higher; failures still teach guardrails. A learning loop. Your install/reject decisions with comments calibrate future mining prompts and score priors toward your taste. Incremental and cheap. Byte cursors and segment fingerprints mean idle runs make zero LLM calls; max segments per run caps spend. Any scheduler, any mining LLM. launchd installer on macOS; --loop anywhere; systemd/cron/Task Scheduler recipes and non-Claude mining backends in docs/PORTABILITY.md /surenode-ai/skill-extractor/blob/main/docs/PORTABILITY.md . python3 engine/extractor.py run a mining pass now python3 engine/extractor.py --status counts: scratch / pending / installed / decided python3 engine/extractor.py --full ignore cursor, re-scan all history python3 engine/extractor.py --self-test sanity-check the pipeline, no traces needed python3 engine/review.py list pending candidates JSON, with risk labels python3 engine/review.py show