Automatically read relevant context before major actions. Loads TODO.md, roadmap.md, handoffs, task plans, and other project context files so the AI operates with full situational awareness. Use when starting a task, implementing a feature, refactoring, debugging, planning, or resuming a session.
Security Analysis
high confidenceThe skill's actions (reading project files to build context) match its description and there are no unexplained credentials, installs, or external endpoints, though its auto-loading behavior may read many local files without an explicit prompt.
The skill's stated purpose—automatically loading project context files like TODO.md, roadmap.md, handoffs, etc.—matches the SKILL.md instructions. No unrelated environment variables, binaries, or external services are requested. One minor inconsistency: README mentions npx/clawhub install commands but the registry lists this as an instruction-only skill with no install spec; this is an informational mismatch rather than a functional or security inconsistency.
The runtime instructions explicitly tell the agent to read many project-local files (TODO.md, roadmap.md, .cursor/handoffs/*.md, sessions, CHANGELOG.md, findings.md) and to run file-age checks (examples using stat). That is coherent with the purpose, but the skill also instructs the agent to "Do not wait for the user to ask — proactively load context," which can cause the agent to read files without an explicit user prompt. This raises privacy/consent considerations (local file access), although it remains consistent with the skill's goal.
No install specification is present in the registry (instruction-only), so nothing will be written or executed by default. The README/installation section suggests using npx/clawhub or copying files locally, but those are optional manual steps rather than an automated installer in the package metadata. No network downloads or binary installs are enforced by the skill metadata itself.
The skill requests no environment variables, credentials, or config paths in its metadata. This is proportionate: reading local project files doesn't require external keys. Note: files it reads may themselves contain secrets (handoffs, task plans, etc.), so absence of env var requests does not eliminate the risk of exposing sensitive content if the agent later transmits it.
The skill is not marked always:true and is user-invocable; model invocation is enabled (the platform default). Combined with the skill's instruction to proactively load context, autonomous invocation could result in silent local file reads. This is a behavioral/consent concern rather than an incoherence in requested privileges.
Guidance
This skill appears to do what it says: automatically read local project context files. Before installing, consider: (1) Review the exact file paths it will read in your projects—ensure no secrets (API keys, passwords) live in TODO.md, handoff notes, session files, or docs. (2) Prefer manual activation or require confirmation if you do not want the agent to silently read files on session start. (3) If you install via README instructions (npx/clawhub), verify the source you fetch from—this registry entry itself is instruction-only and contains no code, but following external install commands pulls from other locations. (4) Audit any subsequent outputs the agent produces to ensure sensitive content is not being transmitted to external services. If privacy is a concern, remove or isolate files with sensitive data or disable autonomous invocation for agents using this skill.
Latest Release
v1.0.0
- Initial release of the auto-context skill for situational awareness. - Automatically loads key project context files (TODO.md, roadmap.md, handoffs, task plans, findings, and more) before major actions. - Dynamically determines which files to read based on task type, with clear priority and fallback paths. - Detects file staleness and provides age-based warnings to prevent reliance on outdated information. - Generates a concise, structured context summary before proceeding with any task. - Integrates as a precursor to common project commands (start-task, intent, workflow, etc.) to ensure full situational awareness.
More by @wpank
Published by @wpank on ClawHub
