by 安全扫描
OpenClaw
安全
medium confidenceThe skill's requirements, included script, and runtime instructions are coherent with its stated purpose (monitoring session/context quality and handling handoffs), but it includes an external npx install recommendation and automatic activation behavior you should be aware of before installing.
评估建议
This skill appears to do what it says: monitor context health and enforce handoff discipline. Before installing: (1) review the GitHub package the npx command would fetch (npx executes remote code), (2) confirm you’re comfortable with the skill auto-activating during multi-step agent tasks (it may read project files and handoff files under a .context-surfing directory), and (3) if you use Entire CLI, understand that the skill may call local Entire commands to read session state. If you want tigh...详细分析 ▾
✓ 用途与能力
Name/description match the actual artifacts: the SKILL.md describes monitoring context quality and handoff behavior and the included script (handoff-checker.sh) enforces handoff processing. The skill does not request unrelated credentials, binaries, or config paths.
ℹ 指令范围
Instructions ask the agent to read intent frames, plans, project context files, and to use Entire CLI if available; these are within the stated purpose of preserving context and handling handoffs. However the SKILL.md also instructs the skill to activate automatically when a multi-step agent task is running, and it explicitly recommends loading 'all project context files' — which means the agent may read arbitrary files in the user project. This is coherent but grants broad file-read scope consistent with the skill's goal.
ℹ 安装机制
There is no formal install spec in the registry, but SKILL.md recommends installing via an npx command that pulls from a GitHub path (pskoett/pskoett-ai-skills). Using npx will fetch and run remote code; the package/workflow should be reviewed before running. The included shell script in the package is small and benign in intent.
✓ 凭证需求
The skill declares no required environment variables, credentials, or config paths. Its runtime suggestions (checking Entire CLI with 'entire status') are optional and proportional to the described functionality.
ℹ 持久化与权限
The registry flags show always: false and normal autonomous invocation allowed. The SKILL.md explicitly instructs the skill to activate automatically when a multi-step agent task is underway. Autonomous invocation is platform-default, but you should be aware this skill is intended to run without explicit user invocation and may trigger file reads as described above.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/4/16
- Initial release of context-surfing. - Monitors context window quality throughout a multi-step agent session to maximize output fidelity. - Activates automatically after plan-interview and intent-framed-agent, handling handoff to simplify-and-harden and self-improvement upon completion or context drift. - Detects and prevents degraded context states (drift, contradiction, hallucination), exiting cleanly and preserving session continuity. - Integrates with Entire CLI when available to use persistent session state as an anchor for context checks. - Scans and leverages key project context files (CLAUDE.md, AGENTS.md, README.md, etc.) to maintain strong session grounding.
● 无害
安装命令
点击复制官方npx clawhub@latest install context-surfing
镜像加速npx clawhub@latest install context-surfing --registry https://cn.longxiaskill.com