Agent Context System
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is mostly a local memory template, but its setup flow depends on a missing executable that would modify persistent agent context, so users should review the actual runnable code before using it.
Before installing, verify the missing agent-context executable from a trusted source and inspect it, because the provided wrapper and docs depend on it. If you use the skill, review any session-log or promotion changes before accepting them, and only run the GitHub publishing script after checking what files will be pushed.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users may be asked to run setup or promotion logic whose actual behavior is not represented in the reviewed artifacts.
The init wrapper runs a sibling agent-context executable, but that executable is not included in the provided file manifest or file contents while the docs tell users to run setup/promote commands through it. This creates a provenance and review gap for the code that would modify project agent-context files.
exec "$SCRIPT_DIR/../agent-context" init "$@"
Do not run agent-context commands until the executable is included from a trusted, pinned source and reviewed; the package should either include the CLI or remove the wrapper/documentation that depends on it.
Bad or overly broad notes in the scratchpad could steer future coding agents toward wrong assumptions or unsafe conventions.
The skill intentionally creates persistent local memory that is read by future agents and updated over time. This is purpose-aligned, but incorrect or poisoned entries could influence later sessions.
Read this file and `.agents.local.md` (if it exists) before starting any task... At session end, append to `.agents.local.md` Session Log
Review proposed scratchpad changes before accepting them, keep .agents.local.md gitignored, and treat it as factual notes rather than trusted new instructions.
Running this script can publish the current repository contents to GitHub and change repository settings under the user's account.
The optional publishing script uses the user's GitHub CLI authentication to create a repository and push the current directory. This is disclosed and user-directed, but it uses account authority and uploads local project contents.
gh repo create "$GH_USER/$REPO_NAME" \
--private \
--source=. \
--remote=origin \
--description "Template: persistent local-only memory for AI coding agents" \
--pushRun the publishing script only intentionally, after checking git status and verifying that no secrets or private files will be committed and pushed.