← 返回 Skills 市场
90
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install project-context-anchor
功能描述
Writes AI_CONTEXT.md into the project root as a "dynamic soul snapshot" — capturing tech stack, recent git diffs, key decisions, active plan, and a compresse...
安全使用建议
This skill appears to do what it says (create a project-root AI_CONTEXT.md) but contains instructions that raise practical risks: it encourages overriding built-in memory and generating a compact bootstrap block that could include secrets or sensitive git info and then be committed to the repo. Before installing or running it: 1) Only run in repos where you trust all files; test in a disposable repo first. 2) Require or implement explicit secret redaction (API keys, private keys, passwords) before writing AI_CONTEXT.md. 3) Use a pre-commit hook or manual checklist to prevent committing AI_CONTEXT.md until you review it. 4) Prefer running it interactively (not autonomously) and avoid granting it blanket file-system or network access. 5) Ask the author (or inspect code, if added) for an explicit secret-detection/redaction step and for precise read/write commands the skill uses; that information would materially reduce risk and could change this assessment to benign.
功能分析
Type: OpenClaw Skill
Name: project-context-anchor
Version: 1.0.2
The project-context-anchor skill is a utility designed to maintain a local AI_CONTEXT.md file for cross-session state recovery. It uses standard shell commands (ls, find, git) to snapshot the project's tech stack, directory structure, and recent changes. While it explicitly instructs the agent to override built-in memory tools in favor of local project files, this behavior is transparently documented and aligned with its stated purpose. The SKILL.md file even includes a responsible security notice warning users to check for sensitive data like API keys or tokens before committing the generated file.
能力评估
Purpose & Capability
Name/description match the requested actions: scanning the repo and git history and writing a project-root AI_CONTEXT.md is consistent with a 'project snapshot' capability. However, the SKILL.md's explicit directive that it 'MUST override built-in memory tools' and 'Never write to MEMORY.md or ~/.claude/' is unusually prescriptive for a content-generation skill and deserves scrutiny: it tells the agent to bypass platform memory conventions rather than simply produce a file in the repo.
Instruction Scope
The runtime instructions direct the agent to scan code, directory structure, and Git history and to write a new file in the project root. Those actions are within scope for a project snapshot, but the skill also encourages generating a compact AI_BOOTSTRAP_BLOCK (high-entropy summary) and repeatedly 'self-healing' the document by rewriting it to match code. This combination increases the chance that secrets, credentials, or other sensitive data present in the repository will be included in AI_CONTEXT.md. The SKILL.md includes a truncated Security Notice advising manual review before committing, but it does not enforce or describe automatic secret redaction or safe-guards.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk. The recommended installation (copy .skill into skills folder or upload via UI) is benign. No downloads or code execution artifacts are introduced by the skill manifest itself.
Credentials
The skill requests no environment variables or external credentials, which is proportionate. However, it explicitly instructs the agent to read repository files and git metadata (not declared as 'requires' because instruction-only), which can include sensitive config, tokens, or private keys. Because the skill intends to create a repository-tracked file, the potential for inadvertent exposure (committing secrets to VCS) exists and is not mitigated in the instructions.
Persistence & Privilege
always:false and user-invocable defaults are appropriate. The main concern is the SKILL.md's demand that the skill 'MUST override built-in memory tools' — that asks the agent to change its normal behavior relative to platform memory handling. While the skill does not request persistent platform-level privileges, the instruction to bypass built-in memory could increase risk if the agent is allowed autonomous invocation and broad file access.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install project-context-anchor - 安装完成后,直接呼叫该 Skill 的名称或使用
/project-context-anchor触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
project-context-anchor v1.0.2
- Clarified and strengthened override instructions: this skill now always writes to ./AI_CONTEXT.md in the project root, never to MEMORY.md or ~/.claude/.
- Added a dedicated comparison table and warning section explaining the difference between AI_CONTEXT.md (created by this skill) and Claude built-in memory.
- Updated trigger instructions to strongly recommend explicit invocation by skill name for reliable operation in Claude Code.
- All output is now always written to AI_CONTEXT.md in the project folder, never into any memory files.
- Documentation emphasizes that this skill must not use or update any internal memory tooling.
v1.0.1
## project-context-anchor 1.0.1
- Added a prominent Security Notice / 安全提示 section to SKILL.md, guiding users to check AI_CONTEXT.md for sensitive data before share/commit.
- Outlined specific risks (API keys, tokens, private paths, sensitive chat content) and provided recommended grep/gitignore practices.
- No functional or implementation logic changes—documentation update only.
v1.0.0
project-context-anchor 1.0.0 — Initial release
Maintains a self-healing `AI_CONTEXT.md` for seamless project context handoff and recovery.
- Automatically generates and updates an AI_CONTEXT.md "soul snapshot" capturing architecture, recent diffs, active plans, and a compact AI bootstrap block.
- Triggers on user commands ("save my progress", "seal session", etc.) or proactively after major changes or high context usage.
- Self-healing: detects code/doc mismatches and updates documentation to reflect current truth, removing or annotating stale references.
- Outputs a compressed <120-token bootstrap block for quick session resumption — no re-explaining required.
- Supports parameterization (e.g., optimizeFor, autoRepair, compress, silent), and adapts to presence/absence of git.
- Full bilingual (English/中文) trigger and instruction support.
元数据
常见问题
Dynamic Project Soul Snapshot | 动态项目灵魂快照 是什么?
Writes AI_CONTEXT.md into the project root as a "dynamic soul snapshot" — capturing tech stack, recent git diffs, key decisions, active plan, and a compresse... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 90 次。
如何安装 Dynamic Project Soul Snapshot | 动态项目灵魂快照?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install project-context-anchor」即可一键安装,无需额外配置。
Dynamic Project Soul Snapshot | 动态项目灵魂快照 是免费的吗?
是的,Dynamic Project Soul Snapshot | 动态项目灵魂快照 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Dynamic Project Soul Snapshot | 动态项目灵魂快照 支持哪些平台?
Dynamic Project Soul Snapshot | 动态项目灵魂快照 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Dynamic Project Soul Snapshot | 动态项目灵魂快照?
由 xiao3333(@xiao3333)开发并维护,当前版本 v1.0.2。
推荐 Skills