Context Onboarding
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user or agent points the skill at a private file, the first lines of that file could be displayed in the conversation or logs.
The CLI can be pointed at caller-selected files and workspaces, then reads and prints snippets from those files. This is read-only and aligned with the onboarding purpose, but it should not be aimed at sensitive local files.
parser.add_argument("--workspace", default="."); parser.add_argument("--files", nargs="+", default=DEFAULT_FILES); ... path = workspace / name ... path.read_text(encoding="utf-8")
Use the default identity docs or clearly approved markdown files; get explicit user approval before using non-default paths or another workspace.
Stale or untrusted workspace docs could influence how an agent understands local norms or rules if their contents are over-trusted.
The skill intentionally surfaces persistent workspace identity and instruction documents for agent context. That is the stated purpose, but such documents should be treated as advisory and not as higher-priority instructions.
`scripts/context_onboarding.py` reads the key documents (`SOUL.md`, `USER.md`, `AGENTS.md`, `TOOLS.md` by default) and prints the first few lines of each.
Keep these workspace docs reviewed, avoid storing secrets in them, and ensure any instructions they contain remain subordinate to system, developer, and current user instructions.
