ClawHub

ctx-shrink

v1.0.1

ctx-shrink — Codebase analyzer for AI era. Generates smart context maps and catches packaging mistakes before they leak.

0· 35·0 current·0 all-time
byetherman@etherman-os
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (codebase analyzer, publish-safety checks) match the instructions: run a local tool (ctx-shrink) against the user's project and read its report. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md instructs the agent to run ctx-shrink on the user's project directory and read the output file (AI-CONTEXT.md or a custom file). This requires access to the project's files, which is expected for this functionality. The instructions do not ask the agent to read unrelated system files or exfiltrate data to external endpoints.
Install Mechanism
No install spec is included (instruction-only), which minimizes scripted-install risk. The README recommends cloning and running a checked-in script from a GitHub repo; that is a user-mediated install path — verify the repository and the script before running. The skill itself does not supply or automatically fetch binaries.
Credentials
No environment variables, credentials, or config paths are requested. This is proportionate for a local analysis tool. There are no unexpected secret-related requirements.
Persistence & Privilege
always is false and autonomous invocation is allowed only by the platform default. The skill does not request persistent installation or modify other skill/system settings. No elevated privileges are requested in the SKILL.md.
Assessment
This skill is coherent: it tells the agent to run a local analyzer and read its report. Before using it, confirm you trust the ctx-shrink executable/repository (the README points to a GitHub repo). Do not run unreviewed install scripts or pipe installers into a shell. Be aware that scanning a project lets the tool/agent read all files in that project (including any secrets); only run it on projects you intend to expose to the tool, and review AI-CONTEXT.md outputs before sharing them externally.

Like a lobster shell, security has layers — review code before you run it.

aivk972ctmd55bdmk3zx81r00pcd1848r7kcode-analysisvk972ctmd55bdmk3zx81r00pcd1848r7kdeveloper-toolsvk972ctmd55bdmk3zx81r00pcd1848r7klatestvk979tzbznf7w82nxkqjwdw430n849pkdsecurityvk972ctmd55bdmk3zx81r00pcd1848r7k

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments