ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Skills Context

A comprehensive collection of Agent Skills for context engineering, multi-agent architectures, and production agent systems. Use when building, optimizing, o...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 132 · 1 current installs · 1 all-time installs
by@daviesjoin-afk
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (context engineering, multi-agent patterns) align with included content: extensive docs, examples, and scripts about context, memory, multi-agent coordination and filesystem-as-memory. The presence of many example scripts and SKILL.md files is proportionate to the claimed purpose.
Instruction Scope
SKILL.md explicitly recommends agents use filesystem operations (ls, glob, grep, read_file) and describes patterns like sandboxed hosted agents and dynamic skill loading. That is coherent for the topic, but it means the skill encourages reading files and running scripts. Verify whether any instructions in SKILL.md or bundled scripts instruct the agent to read secrets, walk arbitrary host paths, or send data to external endpoints — such steps would exceed the stated purpose.
Install Mechanism
No install spec (instruction-only) — minimal install risk. However, the package bundles many executable scripts (e.g., install.sh) and Python/TS examples. Because there's no automated installer, these files will not be written or executed automatically by the platform, but if an agent follows the included scripts they could perform filesystem or network actions. Treat bundled scripts as code that requires review before execution.
Credentials
The skill declares no required env vars, binaries, or config paths. That is proportionate to the documentation-style nature of the package. Still review scripts for implicit credential usage (e.g., code that reads ~/.aws, ~/.gitconfig, or environment variables) since the manifest includes runnable examples that may reference common credential locations.
Persistence & Privilege
always is false; the skill is user-invocable and can be autonomously invoked by the agent (platform default). The skill does describe persistent patterns (filesystems, memory stores) but does not itself request persistent privileges or modify other skills' configs in the metadata.
Scan Findings in Context
[prompt-injection-ignore-previous-instructions] unexpected: Scanner flagged 'ignore-previous-instructions' pattern in SKILL.md content. A context-engineering guide may discuss system prompts, but explicit 'ignore previous instructions' style directives are a prompt-injection pattern and are not expected in benign skill guidance. Manual review requested to confirm whether this is a false positive (e.g., quoting an external attack example) or a real directive.
[prompt-injection-system-prompt-override] unexpected: Scanner detected text resembling attempts to override system prompts. This is not expected for a documentation/skill collection and could be used to manipulate agent/system behavior. Inspect SKILL.md and any example prompts for lines that attempt to change system instructions or escalate agent authority.
[unicode-control-chars] unexpected: Unicode control characters were detected in SKILL.md. These can be used to obfuscate content (hide directives, split tokens) and are not typical in technical docs. Check for invisible characters around critical instructions or prompts.
What to consider before installing
This collection appears to be a legitimate, large documentation + example repo for context engineering, but automated scans found prompt-injection patterns and the bundle includes many runnable scripts. Before installing or enabling autonomous use: 1) Search SKILL.md and bundled examples for explicit override directives (phrases like 'ignore previous instructions' or 'override system prompt') and remove or sanitize them. 2) Inspect all install/run scripts (install.sh, any Python/TS examples) for commands that read home directories, network endpoints, or environment variables (e.g., ~/.aws, curl to external hosts). 3) Grep the code for outbound network calls (requests, fetch, curl) and for reads of common credential locations. 4) If you plan to let the agent run code, run it first in an isolated sandbox/container with no secrets mounted. 5) If you are not comfortable auditing, avoid enabling autonomous invocation or restrict the skill to manual invocation only. I have medium confidence because the content otherwise matches the stated purpose, but the prompt-injection and hidden-character findings require manual review to rule out intentional manipulation.
examples/interleaved-thinking/examples/03_full_optimization.py:995
Dynamic code execution detected.
!
docs/compression.md:243
Prompt-injection style instruction pattern detected.
!
docs/gemini_research.md:8
Prompt-injection style instruction pattern detected.
!
examples/llm-as-judge-skills/README.md:169
Prompt-injection style instruction pattern detected.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97ee5x80paw52q03ksvg4pbz582wvz6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Agent Skills for Context Engineering

This collection provides structured guidance for building production-grade AI agent systems through effective context engineering.

When to Activate

Activate these skills when:

  • Building new agent systems from scratch
  • Optimizing existing agent performance
  • Debugging context-related failures
  • Designing multi-agent architectures
  • Creating or evaluating tools for agents
  • Implementing memory and persistence layers

Skill Map

Foundational Context Engineering

Understanding Context Fundamentals Context is not just prompt text—it is the complete state available to the language model at inference time, including system instructions, tool definitions, retrieved documents, message history, and tool outputs. Effective context engineering means understanding what information truly matters for the task at hand and curating that information for maximum signal-to-noise ratio.

Recognizing Context Degradation Language models exhibit predictable degradation patterns as context grows: the "lost-in-middle" phenomenon where information in the center of context receives less attention; U-shaped attention curves that prioritize beginning and end; context poisoning when errors compound; and context distraction when irrelevant information overwhelms relevant content.

Architectural Patterns

Multi-Agent Coordination Production multi-agent systems converge on three dominant patterns: supervisor/orchestrator architectures with centralized control, peer-to-peer swarm architectures for flexible handoffs, and hierarchical structures for complex task decomposition. The critical insight is that sub-agents exist primarily to isolate context rather than to simulate organizational roles.

Memory System Design Memory architectures range from simple scratchpads to sophisticated temporal knowledge graphs. Vector RAG provides semantic retrieval but loses relationship information. Knowledge graphs preserve structure but require more engineering investment. The file-system-as-memory pattern enables just-in-time context loading without stuffing context windows.

Filesystem-Based Context The filesystem provides a single interface for storing, retrieving, and updating effectively unlimited context. Key patterns include scratch pads for tool output offloading, plan persistence for long-horizon tasks, sub-agent communication via shared files, and dynamic skill loading. Agents use ls, glob, grep, and read_file for targeted context discovery, often outperforming semantic search for structural queries.

Hosted Agent Infrastructure Background coding agents run in remote sandboxed environments rather than on local machines. Key patterns include pre-built environment images refreshed on regular cadence, warm sandbox pools for instant session starts, filesystem snapshots for session persistence, and multiplayer support for collaborative agent sessions. Critical optimizations include allowing file reads before git sync completes (blocking only writes), predictive sandbox warming when users start typing, and self-spawning agents for parallel task execution.

Tool Design Principles Tools are contracts between deterministic systems and non-deterministic agents. Effective tool design follows the consolidation principle (prefer single comprehensive tools over multiple narrow ones), returns contextual information in errors, supports response format options for token efficiency, and uses clear namespacing.

Operational Excellence

Context Compression When agent sessions exhaust memory, compression becomes mandatory. The correct optimization target is tokens-per-task, not tokens-per-request. Structured summarization with explicit sections for files, decisions, and next steps preserves more useful information than aggressive compression. Artifact trail integrity remains the weakest dimension across all compression methods.

Context Optimization Techniques include compaction (summarizing context near limits), observation masking (replacing verbose tool outputs with references), prefix caching (reusing KV blocks across requests), and strategic context partitioning (splitting work across sub-agents with isolated contexts).

Evaluation Frameworks Production agent evaluation requires multi-dimensional rubrics covering factual accuracy, completeness, tool efficiency, and process quality. Effective patterns include LLM-as-judge for scalability, human evaluation for edge cases, and end-state evaluation for agents that mutate persistent state.

Development Methodology

Project Development Effective LLM project development begins with task-model fit analysis: validating through manual prototyping that a task is well-suited for LLM processing before building automation. Production pipelines follow staged, idempotent architectures (acquire, prepare, process, parse, render) with file system state management for debugging and caching. Structured output design with explicit format specifications enables reliable parsing. Start with minimal architecture and add complexity only when proven necessary.

Core Concepts

The collection is organized around three core themes. First, context fundamentals establish what context is, how attention mechanisms work, and why context quality matters more than quantity. Second, architectural patterns cover the structures and coordination mechanisms that enable effective agent systems. Third, operational excellence addresses the ongoing work of optimizing and evaluating production systems.

Practical Guidance

Each skill can be used independently or in combination. Start with fundamentals to establish context management mental models. Branch into architectural patterns based on your system requirements. Reference operational skills when optimizing production systems.

The skills are platform-agnostic and work with Claude Code, Cursor, or any agent framework that supports custom instructions or skill-like constructs.

Integration

This collection integrates with itself—skills reference each other and build on shared concepts. The fundamentals skill provides context for all other skills. Architectural skills (multi-agent, memory, tools) can be combined for complex systems. Operational skills (optimization, evaluation) apply to any system built using the foundational and architectural skills.

References

Internal skills in this collection:

External resources on context engineering:

  • Research on attention mechanisms and context window limitations
  • Production experience from leading AI labs on agent system design
  • Framework documentation for LangGraph, AutoGen, and CrewAI

Skill Metadata

Created: 2025-12-20 Last Updated: 2025-12-25 Author: Agent Skills for Context Engineering Contributors Version: 1.2.0

Files

213 total
Select a file
Select a file to preview.

Comments

Loading comments…