Lobster Context Budget
v1.0.0Audits Claude Code context window consumption across agents, skills, MCP servers, and rules. Identifies bloat, redundant components, and produces prioritized...
⭐ 0· 29·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name and description claim an audit of context/window usage across agents, skills, MCP servers, rules and CLAUDE.md; the SKILL.md explicitly lists exactly those repository paths and components to scan (agents/*.md, skills/*/SKILL.md, rules/**/*.md, .mcp.json, CLAUDE.md). No unrelated env vars, binaries, or installs are requested, so the required footprint is proportionate to the stated purpose.
Instruction Scope
The runtime instructions require scanning many workspace files and producing per-file token estimates and overlap detection (including line-by-line diffs in verbose mode). This is coherent with an auditing tool, but it means the agent will read potentially sensitive project files (configs, rules, agent descriptions, MCP configs). The skill does not instruct any external exfiltration, but the scope of file access is broad — review whether you want an automated agent to read all those paths.
Install Mechanism
No install spec and no code files are present (instruction-only). This minimizes risk because nothing new is written to disk or downloaded; the skill relies only on workspace file access and internal processing.
Credentials
The skill requires no environment variables, credentials, or config paths beyond reading repository files it documents. There are no unexplained secret requests. Note: some of the files it scans (e.g., .mcp.json or other config files) may themselves contain sensitive endpoints or tokens in some setups — that is a consequence of scanning project files, not an explicit credential demand.
Persistence & Privilege
The skill is not always:true, does not install or modify agent/system configuration, and is user-invocable only. Autonomous invocation remains possible (default platform behavior) but is not combined with elevated persistence or broad credential access in this skill.
Assessment
This skill appears to do what it claims: it reads repository files to estimate token usage and recommend removals. Before enabling or running it, consider: 1) It will access many project files (agents/*.md, skills/*/SKILL.md, rules/**/*.md, .mcp.json, CLAUDE.md). If those files contain secrets or private data, run the audit in a controlled environment or remove/rotate sensitive values first. 2) Run in non-verbose mode first to get a high-level view, then verbose only if needed. 3) If you want to limit its scope, temporarily move or git-ignore sensitive files or run the agent with restricted workspace permissions. 4) Because it's instruction-only, no external code is installed, but the agent will have read access to your repo — confirm you are comfortable with that access before invoking the skill.Like a lobster shell, security has layers — review code before you run it.
latestvk971fd8g3zgq18teseys7rtbe1846wdv
License
MIT-0
Free to use, modify, and redistribute. No attribution required.