Automated audit: This issue was generated by NLPM, a natural language programming linter, running via claude-code-action. Please evaluate the findings on their merits.
About This Audit
NLPM is a natural language programming linter for Claude Code plugins. It applies a 100-point scoring rubric to NL artifacts (skills, agents, commands, hooks) and identifies structural bugs, missing required fields, broken references, and security patterns in executable surfaces.
Ars Contexta scored 96/100 — an excellent score. The plugin is mature, well-structured, and architecturally coherent. The findings below are minor structural gaps, not fundamental issues.
Bugs Found (10 total)
Priority 1 — Missing model declarations (9 files)
These skill-source files declare allowed-tools but omit the model field. Without it, Claude Code falls back to the ambient session model instead of the intended inference tier.
| File | Status |
|------|--------|
| skill-sources/refactor/SKILL.md | PR #37 |
| skill-sources/ralph/SKILL.md | PR #37 |
| skill-sources/verify/SKILL.md | PR #37 |
| skill-sources/learn/SKILL.md | PR #37 |
| skill-sources/reflect/SKILL.md | PR #37 |
| skill-sources/reduce/SKILL.md | PR #37 |
| skill-sources/rethink/SKILL.md | PR #37 |
| skill-sources/reweave/SKILL.md | PR #37 |
| skills/help/SKILL.md | PR #37 |
Fix: Added model: sonnet to each file's frontmatter, consistent with the convention already established in the skills/ meta-layer.
Priority 2 — Missing allowed-tools in knowledge-guide agent
agents/knowledge-guide.md reads ${CLAUDE_PLUGIN_ROOT}/reference/ files to back its methodology guidance but declares no allowed-tools. Without Read granted, those file reads fail at runtime.
| File | Status |
|------|--------|
| agents/knowledge-guide.md | PR #38 |
Fix: Added allowed-tools: Read to the frontmatter.
Security Findings (5 total — no CRITICAL or HIGH)
Overall classification: CLEAR. The three MEDIUM findings are all standard hook patterns; none represent real attack surface in normal use.
MEDIUM — --no-verify in git commits (2 instances)
session-orient.sh:59 and auto-commit.sh:52 use git commit --no-verify. This is the standard pattern to prevent recursive hook invocation in PostToolUse hooks — no fix recommended. Documented as intentional.
MEDIUM — KEY regex injection in read_config.sh (PR submitted)
KEY was interpolated directly into grep -E without validation. Safe in current callers but a footgun for future ones.
PR: #39
LOW — git add -A in auto-commit.sh (PR submitted)
Staged all files including those outside vault directories. Could accidentally commit credentials or sensitive files.
PR: #40
LOW — Missing -x check before reconcile.sh (PR submitted)
session-orient.sh called a vault-owned script with only a file-existence check. A non-executable file at that path would still be run by bash.
PR: #41
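As an added illustration of the two hardening PRs above (#39 and #41), not code from read_config.sh or session-orient.sh themselves: a KEY lookup that splices the key into grep -E next to one that first checks the key against an allowlist, and an existence-only script check next to one that also requires execute permission. The config file, the key names, the allowlist and the stand-in for reconcile.sh are all constructed for this example.

```shell
#!/bin/sh
# Added example, not the plugin's own read_config.sh or session-orient.sh:
# an unvalidated KEY lookup next to an allowlist-validated one, and an
# existence-only script check next to one that also requires the execute bit.

# Constructed sample config; file, keys and values are invented for this demo.
CONFIG_FILE="$(mktemp)"
printf '%s\n' 'VAULT_DIR=/home/user/vault' 'MODEL=sonnet' 'AUTO_COMMIT=true' > "$CONFIG_FILE"

# Hypothetical allowlist of the keys a caller may ask for.
ALLOWED_KEYS="VAULT_DIR MODEL AUTO_COMMIT"

# Footgun: $1 is spliced into the regex, so a caller passing '.*' or 'A|B'
# changes which line matches instead of naming one key.
read_config_unsafe() {
    grep -E "^$1=" "$CONFIG_FILE" | head -n 1 | cut -d= -f2-
}

# Hardened: only an exact allowlist member reaches grep, so the pattern is
# always a plain key name followed by '='.
read_config_safe() {
    key="$1"
    for allowed in $ALLOWED_KEYS; do
        if [ "$key" = "$allowed" ]; then
            grep -E "^$key=" "$CONFIG_FILE" | head -n 1 | cut -d= -f2-
            return 0
        fi
    done
    printf 'read_config: key %s is not on the allowlist\n' "$key" >&2
    return 1
}

# Existence-only check: 'sh "$1"' runs any regular file at that path,
# whether or not it has execute permission.
run_vault_script_unsafe() {
    [ -f "$1" ] && sh "$1"
}

# Hardened: refuse unless the vault-owned script is marked executable.
run_vault_script_safe() {
    if [ ! -x "$1" ]; then
        printf 'refusing to run non-executable %s\n' "$1" >&2
        return 1
    fi
    sh "$1"
}

# Constructed stand-in for reconcile.sh; mktemp creates it without the execute bit.
VAULT_SCRIPT="$(mktemp)"
printf '#!/bin/sh\necho reconciled\n' > "$VAULT_SCRIPT"
```

With the sample config, read_config_unsafe '.*' returns the first value in the file regardless of key, while read_config_safe rejects the same argument; the non-executable stand-in runs through the existence-only check but not through the -x check.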
PRs Submitted
| PR | Description |
|----|-------------|
| #37 | Add missing model declarations to 9 skill-source files |
| #38 | Add missing allowed-tools: Read to knowledge-guide agent |
| #39 | Validate KEY against allowlist in read_config.sh |
| #40 | Scope git add to vault directories in auto-commit.sh |
| #41 | Require execute permission before running reconcile.sh |
Quality Issues (informational, no PRs)
28 vague quantifier instances across 17 files were flagged during scoring. Examples: "very similar content" (suggest: "≥80% lexical overlap"), "recent sessions" (suggest: "sessions from the last 7 days"). These are scoring deductions, not bugs: fixing them would raise individual skill scores, but such fixes are not submitted as PRs under NLPM's contribution policy.
Ars Contexta is an impressively well-designed plugin. The methodology is coherent, the three-space architecture is consistently applied, cross-component references are clean, and the processing pipeline is fully specified. These findings are at the margins. Thank you for building and sharing it.