Context Guardian
Pass
Audited by ClawScan on May 13, 2026.
Overview
Context Guardian appears purpose-aligned, but it intentionally changes what the agent sees by limiting long tool outputs and adding context-pressure reminders.
This looks reasonable to install if you want automatic context-window protection. Before using it for debugging, audits, or tasks where exact full output matters, review the truncation and exec-output settings because the plugin may hide parts of large results by design.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Long command or tool outputs may be shortened, so important middle lines could be missed unless the user reruns a narrower query or adjusts limits.
The plugin intentionally modifies exec tool calls and truncates large tool results before the agent consumes them. This is central to the stated context-protection purpose and is configurable, but it can change what output the agent sees.
`before_tool_call` — intercepts exec commands and automatically appends output limits ... `after_tool_call` — ... tool results are automatically truncated
Use the defaults if automatic context protection is desired; disable `autoLimitExecOutput` or `microCompactEnabled`, or raise the limits, when complete output is important.
When context pressure is high, the agent may prioritize compression or narrowing output because of plugin-added reminders.
The plugin injects context-pressure guidance into the prompt. This is disclosed and purpose-aligned, but it still adds instructions that can influence the agent's behavior.
`before_prompt_build` — checks the current context pressure and injects a simplification hint when pressure is high
Keep this enabled for long sessions, but disable or tune pressure monitoring if you do not want automatic prompt reminders.
Sensitive data in tool results may be inspected and transformed locally by the plugin before the agent sees it.
The plugin reads tool-result content to estimate size and perform truncation. The visible code does not show external transmission or persistent storage, but it does process whatever sensitive content appears in tool outputs.
function extractResultContent(result) { ... if (typeof r.content === "string") return r.content; ... return JSON.stringify(result); }
Avoid producing unnecessary secrets in tool output, and disable micro-compaction for tasks where preserving exact sensitive output is required.
If a compatible agent unexpectedly treats that packaged folder as a workspace, it could inherit permission to run `npx tsc` commands.
The npm package includes a local Claude settings file granting a narrow Bash permission. It is not referenced by the runtime plugin artifacts, but it is an unexpected development/agent-settings file inside the distributed package.
"allow": [ "Bash(npx tsc *)" ]
Publisher should exclude local assistant settings from release packages; users can ignore or remove this file if it is not needed.
