Agent Context

Review

Audited by ClawScan on May 10, 2026.

Overview

This is mostly a local project-memory template, but review is needed because a promised command-line tool is missing from the package and the memory files can change what future agents do.

Before installing, confirm the package actually includes the agent-context CLI that the docs reference. If you use it, run setup only in the intended repo, review all file changes, avoid storing secrets in AGENTS.md or .agents.local.md, and do not use autopromote unless you have reviewed what will be added.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Setup may fail, or users may rely on an unreviewed or externally supplied command to modify their project context files and agent configuration.

Why it was flagged

The setup wrapper executes a sibling agent-context CLI, but the provided file manifest does not include that executable and there is no install spec. The important code users are instructed to run is therefore absent from review.

Skill content

# All logic lives in the main CLI at ../agent-context
...
exec "$SCRIPT_DIR/../agent-context" init "$@"

Recommendation

Publish the actual agent-context CLI in the reviewed bundle, declare its runtime requirements, and avoid instructing users or agents to run missing executables.

What this means

Incorrect, private, or prompt-like scratchpad content could be reused by future sessions or promoted into shared project instructions.

Why it was flagged

The skill intentionally makes local notes persistent input for future agents and includes an autopromotion path into AGENTS.md, a shared instruction file. That is purpose-aligned, but it needs strong user review because bad or sensitive entries can become future agent context.

Skill content

Read this file and `.agents.local.md` ... At session end, append to `.agents.local.md` ... Run `agent-context promote --autopromote` to automatically append flagged patterns to AGENTS.md

Recommendation

Require explicit user approval before every scratchpad write and promotion, review diffs to AGENTS.md, keep secrets out of both files, and treat scratchpad content as data rather than commands.

What this means

The skill can change how coding agents read instructions in the current repository.

Why it was flagged

The setup process modifies local project files and agent configuration. This is expected for a context-bootstrap skill, but users should notice it before running setup.

Skill content

Creates `.agents.local.md` from template ... ensures it's gitignored ... wires up your agent tool's config ... Creates CLAUDE.md symlink ... Adds agent context directive

Recommendation

Run setup only in the intended repository and review created or modified files such as .agents.local.md, .gitignore, CLAUDE.md, .cursorrules, .windsurfrules, and Copilot instructions.

What this means

If run, repository contents may be pushed to GitHub and a repo setting will be changed to mark it as a template.

Why it was flagged

The optional publish script uses the user's authenticated GitHub CLI session to create a repository and push the current directory. This is disclosed and prompted, but it uses account-level authority.

Skill content

gh repo create "$GH_USER/$REPO_NAME" --private --source=. --remote=origin ... --push

Recommendation

Run the publish script only intentionally, confirm the active GitHub account, inspect files before `git add -A`, and do not run it from a repository containing secrets.