context-engineer
PassAudited by ClawScan on May 1, 2026.
Overview
This skill appears purpose-aligned, but it works by reading local agent prompt, memory, skill, and config files, so users should avoid sharing its reports or snapshots if those files contain private information.
This looks safe to install for local context auditing. Before using it, remember that it reads OpenClaw workspace files such as MEMORY.md, SOUL.md, SKILL.md, and tool/config files, so treat its terminal reports and saved snapshots as potentially sensitive if your workspace contains private prompts or memories.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Reports or saved snapshots may reveal file names, token counts, redundancy details, or snippets derived from private agent memory and instruction files if shared externally.
The code intentionally reads persistent agent context, memory, instruction, and skill files to analyze token usage and redundancy.
WORKSPACE_FILES = ["SKILL.md", "SOUL.md", "MEMORY.md", "AGENTS.md", "TOOLS.md", ...] ... content = fp.read_text(errors="replace")
Use it on trusted local workspaces, review reports and snapshot files before sharing them, and avoid pointing it at directories containing unrelated private documents.