Context Gatekeeper

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Private conversation details may remain in local history/summary files and may influence later responses if the summary is loaded again.

Why it was flagged

The skill intentionally persists conversation content and reintroduces the generated summary into future prompts. This is central to its purpose, but it means sensitive or misleading prior content can be stored and reused.

Skill content

Record the exchanges... write a line formatted as `ROLE: texto` to a history file... Use the summary... inject the contents of `context/current-summary.md`

Recommendation

Keep the history file scoped to the current task, inspect the generated summary before reuse, clear sensitive entries when no longer needed, and treat stored summaries as context rather than trusted instructions.

What this means

If started, the monitor may continue rewriting the summary and log files in the background.

Why it was flagged

The monitor is designed as a continuous background loop that watches the history file and regenerates the summary. This is disclosed and local, but it can keep operating until stopped.

Skill content

while True:
    if os.path.exists(HISTORY_PATH):
        ...
            run_summary()
    time.sleep(CHECK_INTERVAL)

Recommendation

Start the monitor only when needed, document the exact startup method, and provide or use a clear stop command/process cleanup step.

What this means

A user may look for or obtain a missing helper script from elsewhere, which would not be covered by this reviewed bundle.

Why it was flagged

The documentation references a startup helper script, but the provided manifest/source contents only include `auto_monitor.py` and `context_gatekeeper.py`. This is an installation/provenance consistency issue rather than evidence of hidden behavior.

Skill content

ensure_context_monitor.sh  # Starts (or restarts) the monitor safely... Run `./scripts/ensure_context_monitor.sh`

Recommendation

Either include the referenced helper script in the package for review or remove the instruction. Do not run off-bundle startup scripts unless separately reviewed.