Small Context Coding
PassAudited by ClawScan on May 3, 2026.
Overview
This skill appears to be a coherent coding-workflow helper; it mainly writes local planning notes and optional sub-agent briefs, with no evidence of hidden data theft or destructive behavior.
Before installing, expect this skill to create notes/<task>/ files in your repo and optionally generate sub-agent brief files. Verify that the python3 commands point to the installed, reviewed skill files, keep sensitive information out of task notes, and review any sub-agent output before accepting changes.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may be harder to independently audit or trace back to an upstream source.
The skill has limited provenance metadata and no install specification, while the documentation references bundled helper scripts. This is not malicious evidence, but users should verify they are installing and running the intended package.
Source: unknown Homepage: none Install specifications: No install spec — this is an instruction-only skill.
Review the included files before use and prefer running helper scripts from the installed skill package path rather than relying on an author-specific absolute path.
Using the skill can execute local Python scripts and create files in the target repository.
The skill instructs the agent/user to run bundled Python helper scripts. The reviewed scripts only create local notes/briefs and a smoke-test workspace, which is purpose-aligned, but it is still local code execution.
python3 /home/nick/.openclaw/workspace/skills/small-context-coding/scripts/init_task.py "<task-name>" <repo-root>
Only run the commands from a reviewed installed path, confirm the repo root argument is correct, and treat the smoke test as optional setup verification.
Project details saved in notes may persist, be committed accidentally, or influence later work if stale or incorrect.
The workflow intentionally persists project state, decisions, and checkpoints in local files that may be reused by later agent sessions.
Store project state in files and retrieve only what is needed for the current step. For medium or large tasks, create these under a working notes folder such as `notes/<task-slug>/`
Keep secrets out of notes, review checkpoint contents before relying on them, and add the notes folder to .gitignore if it should not be committed.
A sub-agent could inspect or edit scoped project files, and its findings may affect the main implementation if not reviewed.
The skill supports sub-agent delegation and brief generation. The instructions include useful boundaries, but code context and task details may still be shared with another agent context.
Use sub-agents only to isolate distinct subproblems. Do not spawn many sub-agents unless there are clearly separate workstreams.
Use sub-agents only for bounded work, specify exact scope and verification, and review their outputs and file changes before merging decisions.