Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Context Engine

Loads and manages company context for all C-suite advisor skills. Reads ~/.claude/company-context.md, detects stale context (>90 days), enriches context duri...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 258 · 2 current installs · 2 all-time installs
by Alireza Rezvani (@alirezarezvani)
Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The name and description (load/manage company context, detect staleness, anonymize before external calls) match the SKILL.md behavior: it reads a context file, parses fields, prompts for refreshes, and applies anonymization rules. However, the skill explicitly depends on a local config file (~/.claude/company-context.md) and claims to be the memory layer 'Every advisor skill loads this first' — yet the registry metadata lists no required config paths and does not set always:true. That mismatch between claimed role and declared requirements is inconsistent.
Instruction Scope
The SKILL.md instructions are focused on reading/updating the local context file, enriching in-session context, and applying an anonymization protocol before any external calls. It instructs confirming before modifying the file and to never send specific sensitive fields externally. There are no directives to read unrelated system files or exfiltrate data. The one scope issue is the file path used (~/.claude/company-context.md) is referenced but not declared in metadata.
Install Mechanism
No install spec and no code files are present (instruction-only). This is low-risk from an install/execution standpoint because nothing is downloaded or written at install time.
Credentials
The skill requests no environment variables or credentials, which fits its local-only context-management purpose. However, it relies on a specific local file path (~/.claude/company-context.md) and treats that file as authoritative; the registry metadata does not declare this required config path. The omission is a proportionality/information mismatch: the runtime instructions need access to that file but the manifest did not declare it.
Persistence & Privilege
The skill is not always:true and is user-invocable, so it won't be force-included automatically. It describes updating a local context file only after explicit confirmation, which is appropriate. If this skill is expected to be loaded 'first' by other advisor skills, there should be an explicit mechanism/manifest entry indicating that relationship; otherwise calling/registration behavior is unclear.
What to consider before installing
This skill appears to implement a reasonable local context manager and a careful anonymization protocol, but there are a few red flags to clear up before installing:

  • Metadata mismatch: The SKILL.md reads and updates ~/.claude/company-context.md, but the registry metadata does not list that config path as required. Ask the author to declare required config paths so you know what files the skill will access.
  • Activation model: The README says 'Every advisor skill loads this first' but the skill is not marked always:true. Request clarification on how other advisor skills are expected to invoke or depend on this skill and whether it will auto-load in your environment.
  • Anonymization enforcement: The anonymization protocol looks strict and appropriate, but because this is instruction-only, you should confirm how anonymization is actually applied in practice (e.g., which outbound tools or web searches the agent may call). If possible, test with non-sensitive sample data to verify stripping behavior.
  • Audit/log storage: The skill mentions an internal audit log for external calls. Ask where that log is stored, who can read it, and whether it is ever transmitted externally.

If the author can (1) update the manifest to declare ~/.claude/company-context.md as a required config path (or make the path configurable), (2) explain integration/activation semantics, and (3) document how anonymization is enforced for each outbound tool, this skill is more coherent. Until then, treat it with caution (do not provide real sensitive financial/customer/employee names during testing).


Current version: v2.1.1
latestvk97d9fqj0j0gfp9f274fxt3k9d82nxt1


SKILL.md

Company Context Engine

The memory layer for C-suite advisors. Every advisor skill loads this first. Context is what turns generic advice into specific insight.

Keywords

company context, context loading, context engine, company profile, advisor context, stale context, context refresh, privacy, anonymization


Load Protocol (Run at Start of Every C-Suite Session)

Step 1 — Check for context file: ~/.claude/company-context.md

  • Exists → proceed to Step 2
  • Missing → prompt: "Run /cs:setup to build your company context — it makes every advisor conversation significantly more useful."

Step 2 — Check staleness: Read Last updated field.

  • < 90 days: Load and proceed.
  • ≥ 90 days: Prompt: "Your context is [N] days old. Quick 15-min refresh (/cs:update), or continue with what I have?"
    • If continue: load with [STALE — last updated DATE] noted internally.

Step 3 — Parse into working memory. Always active:

  • Company stage (pre-PMF / scaling / optimizing)
  • Founder archetype (product / sales / technical / operator)
  • Current #1 challenge
  • Runway (as risk signal — never share externally)
  • Team size
  • Unfair advantage
  • 12-month target

Context Quality Signals

| Condition | Confidence | Action |
|---|---|---|
| < 30 days, full interview | High | Use directly |
| 30–90 days, update done | Medium | Use, flag what may have changed |
| > 90 days | Low | Flag stale, prompt refresh |
| Key fields missing | Low | Ask in-session |
| No file | None | Prompt /cs:setup |

If Low: "My context is [stale/incomplete] — I'm assuming [X]. Correct me if I'm wrong."


Context Enrichment

During conversations, you'll learn things not in the file. Capture them.

Triggers: New number or timeline revealed, key person mentioned, priority shift, constraint surfaces.

Protocol:

  1. Note internally: [CONTEXT UPDATE: {what was learned}]
  2. At session end: "I picked up a few things to add to your context. Want me to update the file?"
  3. If yes: append to the relevant dimension, update timestamp.

Never silently overwrite. Always confirm before modifying the context file.


Privacy Rules

Never send externally

  • Specific revenue or burn figures
  • Customer names
  • Employee names (unless publicly known)
  • Investor names (unless public)
  • Specific runway months
  • Watch List contents

Safe to use externally (with anonymization)

  • Stage label
  • Team size ranges (1–10, 10–50, 50–200+)
  • Industry vertical
  • Challenge category
  • Market position descriptor

Before any external API call or web search

Apply references/anonymization-protocol.md:

  • Numbers → ranges or stage-relative descriptors
  • Names → roles
  • Revenue → percentages or stage labels
  • Customers → "Customer A, B, C"
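
Because the skill is instruction-only, the rules above can be checked independently on whatever text the agent actually sends out. The following is an added example, not part of the skill or of references/anonymization-protocol.md: it pairs a reference anonymizer with a separate leak check. The function names, the layout of the `SENSITIVE` dictionary, the replacement placeholders and all sample values are constructed assumptions.

```python
import re

# Constructed sample data; the real context file layout is not shown on the page.
SENSITIVE = {"customers": ["Acme Corp", "Globex"],
             "people": {"Dana Reyes": "the VP of Sales"}}
QUERY = ("Acme Corp and Globex drive most of our $1.2M ARR; Dana Reyes says "
         "7 months of runway with 34 employees.")

MONEY = re.compile(r"[$€£]\s?\d[\d,]*(?:\.\d+)?(?:\s?(?:[kmb]|million|billion)\b)?", re.I)
# Conservative: any "N months" is treated as a possible runway figure.
MONTHS = re.compile(r"\b\d+(?:\.\d+)?\s*months?\b", re.I)
TEAM = re.compile(r"\b(\d+)(?=\s+(?:people|employees)\b)", re.I)

def team_size_range(n):
    """Map a headcount to the ranges the skill lists as safe to share.
    Boundary handling (10 -> 1–10, 50 -> 10–50) is an assumption."""
    return "1–10" if n <= 10 else "10–50" if n <= 50 else "50–200+"

def anonymize(text, sensitive, stage):
    """Reference transform: customers -> Customer A/B/C, names -> roles,
    money -> stage label, headcount -> range, month counts withheld."""
    for i, name in enumerate(sensitive.get("customers", [])):
        text = re.sub(re.escape(name), f"Customer {chr(65 + i)}", text, flags=re.I)
    for name, role in sensitive.get("people", {}).items():
        text = re.sub(re.escape(name), lambda m, r=role: r, text, flags=re.I)
    text = MONEY.sub(f"[{stage}-stage figure]", text)
    text = MONTHS.sub("[duration withheld]", text)
    return TEAM.sub(lambda m: team_size_range(int(m.group(1))), text)

def leaks(text, sensitive):
    """Independent check for outbound text: returns every sensitive name,
    currency figure or month count still present (empty list = clean)."""
    names = list(sensitive.get("customers", [])) + list(sensitive.get("people", {}))
    found = [n for n in names if n.lower() in text.lower()]
    return found + MONEY.findall(text) + MONTHS.findall(text)

if __name__ == "__main__":
    print("raw leaks:   ", leaks(QUERY, SENSITIVE))
    clean = anonymize(QUERY, SENSITIVE, "scaling")
    print("anonymized:  ", clean)
    print("after leaks: ", leaks(clean, SENSITIVE))
```

Run `leaks()` on the query the agent is about to send rather than on the output of `anonymize()`; a non-empty result means the outbound call should be blocked.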

Missing or Partial Context

Handle gracefully — never block the conversation.

  • Missing stage: "Just to calibrate — are you still finding PMF or scaling what works?"
  • Missing financials: Use stage + team size to infer. Note the gap.
  • Missing founder profile: Infer from conversation style. Mark as inferred.
  • Multiple founders: Context reflects the interviewee. Note co-founder perspective may differ.

Required Context Fields

Required:
  - Last updated (date)
  - Company Identity → What we do
  - Stage & Scale → Stage
  - Founder Profile → Founder archetype
  - Current Challenges → Priority #1
  - Goals & Ambition → 12-month target

High-value optional:
  - Unfair advantage
  - Kill-shot risk
  - Avoided decision
  - Watch list

Missing required fields: note gaps, work around in session, ask in-session only when critical.


References

  • references/anonymization-protocol.md — detailed rules for stripping sensitive data before external calls

Files

2 total