ClawHub

Agent Docs

Create documentation optimized for AI agent consumption. Use when writing SKILL.md files, README files, API docs, or any documentation that will be read by LLMs in context windows. Helps structure content for RAG retrieval, token efficiency, and the Hybrid Context Hierarchy.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
4 · 2.3k · 8 current installs · 8 all-time installs
by@tylervovan
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the actual content: the SKILL.md and reference file are documentation guidance for agent-consumable docs. The skill requests no binaries, env vars, or installs — which is appropriate for an authored-guidance skill.
Instruction Scope
The runtime instructions stay within the stated purpose (how to structure AGENTS.md / llms.txt / RAG-friendly docs). They recommend reading local docs (e.g., using read_file) which is expected. A prompt-injection pattern was detected by the scanner, but it appears inside examples and an OWASP-style discussion demonstrating attacks and mitigations — so its presence is likely educational rather than malicious. Still: any agent implementation using this skill should sanitize fetched external content and follow the listed mitigations.
Install Mechanism
No install spec and no code files — lowest-risk model. Nothing will be written to disk or fetched on install by the skill itself.
Credentials
The skill declares no env vars or credentials. Example snippets showing process.env or GET requests are illustrative of attack vectors and mitigation, not actual requirements. There is no unexplained credential access.
Persistence & Privilege
always is false, and the skill does not request persistent privileges or modify system/agent-wide configs. Autonomous invocation is allowed (platform default); this is reasonable for a guidance skill but operators should be mindful of agent tooling the skill is used with (see guidance).
Scan Findings in Context
[ignore-previous-instructions] expected: The phrase/pattern appears in the SKILL.md as an example of prompt injection and in the security/hardening section. Its presence is expected in a document that teaches about prompt-injection attacks, but it is also the exact pattern adversaries use — treat it as a warning, not proof of malicious intent.
Assessment
This skill is an authored guide for writing LLM-friendly documentation and is internally consistent with that purpose. It doesn't request credentials or install anything. Before you install or let agents use it autonomously, verify that: (1) your agent enforces domain allow-lists and sanitizes any external content the agent might fetch (the skill itself emphasizes this); (2) AGENTS.md/llms.txt files do not contain secrets or credentials; and (3) any automated retrieval tooling has human review or gating for external sources. The scanner flagged an "ignore-previous-instructions" pattern, but it appears as an educational example in the docs — still treat it as a reminder to implement prompt-injection mitigations.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97032q64v6jxsqg6mbjqty33n80bswp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Agent Docs

Write documentation that AI agents can efficiently consume. Based on Vercel benchmarks and industry standards (AGENTS.md, llms.txt, CLAUDE.md).

The Hybrid Context Hierarchy

Three-layer architecture for optimal agent performance:

Layer 1: Constitution (Inline)

Always in context. 2,000–4,000 tokens max.

# AGENTS.md
> Context: Next.js 16 | Tailwind | Supabase

## 🚨 CRITICAL
- NO SECRETS in output
- Use `app/` directory ONLY

## 📚 DOCS INDEX (use read_file)
- Auth: `docs/auth/llms.txt`
- DB: `docs/db/schema.md`

Include:

  • Security rules, architecture constraints
  • Build/test/lint commands (top for primacy bias)
  • Documentation map (where to find more)

Layer 2: Reference Library (Local Retrieval)

Fetched on demand. 1K–5K token chunks.

  • Framework-specific guides
  • Detailed style guides
  • API schemas

Layer 3: Research Assistant (External)

Gated by allow-lists. Edge cases only.

  • Latest library updates
  • Stack Overflow for obscure errors
  • Third-party llms.txt

Why This Works

Vercel Benchmark (2026):

ApproachPass Rate
Tool-based retrieval53%
Retrieval + prompting79%
Inline AGENTS.md100%

Root cause: Meta-cognitive failure. Agents don't know what they don't know—they assume training data is sufficient. Inline docs bypass this entirely.

Core Principles

1. Compressed Index > Full Docs

An 8KB compressed index outperforms a 40KB full dump.

Compress to:

  • File paths (where code lives)
  • Function signatures (names + types only)
  • Negative constraints ("Do NOT use X")

2. Structure for Chunking

RAG systems split at headers. Each section must be self-contained:

## Database Setup          ← Chunk boundary

Prerequisites: PostgreSQL 14+

1. Create database...

Rules:

  • Front-load key info (chunkers truncate)
  • Descriptive headers (agents search by header text)

3. Inline Over Links

Agents can't autonomously browse. Each link = tool call + latency + potential failure.

ApproachToken LoadAgent Success
Full inline~12K✅ High
Links only~2K❌ Requires fetching
Hybrid~4K base✅ Best of both

4. The "Lost in the Middle" Problem

LLMs have U-shaped attention:

  • Strong: Start of context (primacy)
  • Strong: End of context (recency)
  • Weak: Middle of context

Solution: Put critical rules at TOP of AGENTS.md. Governance first, details later.

5. Signal-to-Noise Ratio

Strip everything that isn't essential:

  • No "Welcome to..." preambles
  • No marketing text
  • No changelogs in core docs

Formats like llms.txt and AGENTS.md mechanically increase SNR.

llms.txt Standard

Machine-readable doc index for agents:

# Project Name

> One-line project description.

## Authentication

- [Setup](docs/auth/setup.md): Environment vars and init
- [Server](docs/auth/server.md): Cookie handling

## Database

- [Schema](docs/db/schema.md): Full Prisma schema

Location: /llms.txt at domain root Companion: /llms-full.txt — full concatenated docs, HTML stripped

Security Considerations

Inline = Trusted

AGENTS.md is part of your codebase. Controlled, version-pinned.

External = Attack Surface

  • Indirect prompt injection via hidden text
  • SSRF risks if agents can browse freely
  • Dependency on external uptime

Mitigation: Domain allow-lists, human-in-the-loop for external retrieval.

Anti-Patterns

  1. Pasting 50 pages — triggers "Lost in the Middle"
  2. "See external docs" — agents can't browse autonomously
  3. Generic advice — "Write clean code" (use specific constraints)
  4. TOC-only docs — indexes without content
  5. Trusting retrieval alone — 53% vs 100% pass rate

Advanced Patterns

For detailed guidance on RAG optimization, multi-framework docs, and API templates, see references/advanced-patterns.md.

Validation Checklist

  • Critical governance at TOP of doc
  • Total inline context under 4K tokens
  • Each H2 section self-contained
  • No external links without inline summary
  • Negative constraints explicit ("Do NOT...")
  • File paths and signatures, not full code

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…