v0.8.3-1

Context Builder

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:42 AM.

Analysis

This is a coherent code-context generation skill, but it can read and save large parts of a project, including embedded secrets, so users should scope it carefully.

Guidance

Before installing or using this skill, make sure you trust the upstream context-builder CLI, verify the installed version, and only run it against a specific project directory. Use filters and ignore rules, avoid home/system/credential paths, and inspect the generated context file before sharing it with any model or external service.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
context-builder -d /path/to/project -y -o context.md ... `-y` skips confirmation prompts (recommended for agent workflows when path is explicitly scoped)

The documented workflow allows prompt-free generation of context files, which is appropriate for automation but relies on the path being explicitly scoped.

User impact: An agent could generate a context file without an interactive confirmation prompt, so a mistaken broad path could collect more files than intended.
Recommendation: Only allow prompt-skipping when the target path is an explicit project root, and avoid broad paths such as home directories, system directories, or credential stores.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
cargo install context-builder --features tree-sitter-all ... Verify: `context-builder --version` (expected: `0.8.3`)

The skill depends on installing an external CLI rather than including code in the artifact; the install command is user-directed and purpose-aligned, but users should verify provenance and version.

User impact: Installing the external CLI brings in code outside the reviewed skill artifact.
Recommendation: Install from the documented upstream source, verify the expected version, and use release checksums when downloading pre-built binaries.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Note
SKILL.md
This tool reads file contents from the specified directory... The output may contain API keys, secrets, or credentials embedded in source files; always review

The skill is explicitly designed to read local project files and produce LLM-consumable context; the artifact itself acknowledges that secrets may be included.

User impact: If used on the wrong directory or shared without review, the generated context file could expose private source code, API keys, or credentials.
Recommendation: Use only explicit project directories, apply file-extension and ignore filters, and review the generated markdown before sending it to an LLM or another person.