Agent-Skills-for-Context-Engineering

Advisory. Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Sensitive project details, file paths, decisions, or unfinished tasks may be preserved in summaries and reused later.

Why it was flagged

The skill intentionally preserves conversation state and artifact history across compression cycles. This is central to the skill's purpose, but persistent summaries can retain sensitive details or carry forward stale or incorrect context.

Skill content

Maintain structured, persistent summaries with explicit sections for session intent, file modifications, decisions, and next steps.

Recommendation

Keep summaries scoped to the current task, avoid including secrets, and verify important file paths, decisions, and next steps before acting on compressed context.

What this means

If the optional judge workflow is implemented with an external model, private conversation or codebase context could be shared outside the local session.

Why it was flagged

The evaluation workflow describes sending compacted context and model responses to an LLM judge. This is purpose-aligned for evaluation, but compacted context may contain private conversation or project details if the workflow is connected to an external provider.

Skill content

Feed probe question + model response + compressed context to judge

Recommendation

Use trusted model providers, review what compacted context is sent, and redact secrets or sensitive customer/project data before judge evaluation.