Context Slim

Review

Audited by ClawScan on May 10, 2026.

Overview

ContextSlim mostly behaves like a local context-analysis tool, but its HTML report can include an unescaped input-derived section label, so untrusted conversation files could run unwanted script when the report is opened.

This looks like a mostly local, purpose-aligned utility, but use caution with HTML reports. Only generate HTML from trusted conversation files, or prefer text/JSON output until section labels are escaped. Do not share generated reports if they contain private prompts or system instructions.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Any file you point the tool at can be processed and summarized locally, and sensitive text may flow into the tool's outputs.

Why it was flagged

The skill reads a user-supplied local file into memory for analysis. This is expected for a context profiler, but it means users should deliberately choose which prompt or conversation files are processed.

Skill content

with open(filepath, 'r', encoding='utf-8') as f:
    content = f.read()

Recommendation

Run it only on intended text/prompt files, avoid broad or unrelated sensitive paths, and verify output destinations before saving reports.

What this means

If you generate an HTML report from a malicious or untrusted conversation/section source, opening the report in a browser could execute injected HTML or JavaScript and potentially expose report contents.

Why it was flagged

The HTML report interpolates section.source directly into markup. Section labels can be data-derived, such as conversation roles or API-provided section names, and this field is not visibly escaped the way suggestion text is.

Skill content

<span><strong>{section.source}</strong></span>

Recommendation

Escape or whitelist all section labels before writing HTML, add a restrictive Content Security Policy, and use text/JSON output or only trusted inputs until this is fixed.

What this means

Saved reports may contain fragments of private prompts, conversations, system instructions, or other sensitive text.

Why it was flagged

Compression reports include excerpts of the original analyzed text. The shown snippet escapes this content for HTML, but the excerpt still persists in the generated report.

Skill content

<div class="code-block">{cls._escape_html(s.original[:150])}</div>

Recommendation

Treat generated reports as sensitive files, avoid sharing them publicly, and delete or sanitize reports when analyzing confidential content.