Agent Context

Pending: static analysis audit pending.

Overview

No static analysis result has been recorded yet. Pattern checks will appear here once the artifact has been analyzed.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Setup may fail, or users may rely on an unreviewed or externally supplied command to modify their project context files and agent configuration.

Why it was flagged

The setup wrapper executes a sibling agent-context CLI, but the provided file manifest does not include that executable and there is no install spec. The important code users are instructed to run is therefore absent from review.

Skill content

# All logic lives in the main CLI at ../agent-context
...
exec "$SCRIPT_DIR/../agent-context" init "$@"

Recommendation

Publish the actual agent-context CLI in the reviewed bundle, declare its runtime requirements, and avoid instructing users or agents to run missing executables.

What this means

Incorrect, private, or prompt-like scratchpad content could be reused by future sessions or promoted into shared project instructions.

Why it was flagged

The skill intentionally makes local notes persistent input for future agents and includes an autopromotion path into AGENTS.md, a shared instruction file. That is purpose-aligned, but it needs strong user review because bad or sensitive entries can become future agent context.

Skill content

Read this file and `.agents.local.md` ... At session end, append to `.agents.local.md` ... Run `agent-context promote --autopromote` to automatically append flagged patterns to AGENTS.md

Recommendation

Require explicit user approval before every scratchpad write and promotion, review diffs to AGENTS.md, keep secrets out of both files, and treat scratchpad content as data rather than commands.

What this means

The skill can change how coding agents read instructions in the current repository.

Why it was flagged

The setup process modifies local project files and agent configuration. This is expected for a context-bootstrap skill, but users should notice it before running setup.

Skill content

Creates `.agents.local.md` from template ... ensures it's gitignored ... wires up your agent tool's config ... Creates CLAUDE.md symlink ... Adds agent context directive

Recommendation

Run setup only in the intended repository and review created or modified files such as .agents.local.md, .gitignore, CLAUDE.md, .cursorrules, .windsurfrules, and Copilot instructions.

What this means

If run, repository contents may be pushed to GitHub and a repo setting will be changed to mark it as a template.

Why it was flagged

The optional publish script uses the user's authenticated GitHub CLI session to create a repository and push the current directory. This is disclosed and prompted, but it uses account-level authority.

Skill content

gh repo create "$GH_USER/$REPO_NAME" --private --source=. --remote=origin ... --push

Recommendation

Run the publish script only intentionally, confirm the active GitHub account, inspect files before `git add -A`, and do not run it from a repository containing secrets.