Context Builder

Review

Audited by ClawScan on May 1, 2026.

Overview

This is a coherent code-context generation skill, but it can read and save large parts of a project, including embedded secrets, so users should scope it carefully.

Before installing or using this skill, make sure you trust the upstream context-builder CLI, verify the installed version, and only run it against a specific project directory. Use filters and ignore rules, avoid home/system/credential paths, and inspect the generated context file before sharing it with any model or external service.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used on the wrong directory or shared without review, the generated context file could expose private source code, API keys, or credentials.

Why it was flagged

The skill is explicitly designed to read local project files and produce LLM-consumable context; the artifact itself acknowledges that secrets may be included.

Skill content

This tool reads file contents from the specified directory... The output may contain API keys, secrets, or credentials embedded in source files; always review

Recommendation

Use only explicit project directories, apply file-extension and ignore filters, and review the generated markdown before sending it to an LLM or another person.

What this means

An agent could generate a context file without an interactive confirmation prompt, so a mistaken broad path could collect more files than intended.

Why it was flagged

The documented workflow allows prompt-free generation of context files, which is appropriate for automation but relies on the path being explicitly scoped.

Skill content

context-builder -d /path/to/project -y -o context.md ... `-y` skips confirmation prompts (recommended for agent workflows when path is explicitly scoped)

Recommendation

Only allow prompt-skipping when the target path is an explicit project root and avoid broad paths such as home directories, system directories, or credential stores.

What this means

Installing the external CLI brings in code outside the reviewed skill artifact.

Why it was flagged

The skill depends on installing an external CLI rather than including code in the artifact; the install command is user-directed and purpose-aligned, but users should verify provenance and version.

Skill content

cargo install context-builder --features tree-sitter-all ... Verify: `context-builder --version` (expected: `0.8.3`)

Recommendation

Install from the documented upstream source, verify the expected version, and use release checksums when downloading pre-built binaries.