Task Planner Validator for Agents
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent connects this planner to powerful file, shell, API, database, or deployment actions, a plan could make meaningful changes, especially when auto-approval is enabled.
The library intentionally delegates real-world action execution to a caller-provided function and can auto-approve plans. This is purpose-aligned, but the safety of execution depends on how narrowly that executor is implemented.
TaskPlanner(auto_approve: bool = False) ... If True, automatically approve plans before execution ... execute_plan(... executor_func: Callable ...)
Keep auto_approve disabled for sensitive workflows, use dry_run first, require human review for destructive or account-changing steps, and expose only narrowly scoped executor actions.
A future change to the remote repository could differ from the reviewed artifacts if users install by cloning the default branch.
The documented install path clones a mutable GitHub repository rather than a pinned release or commit, while the registry metadata lists the source as unknown.
git clone https://github.com/cerbug45/task-planner-validator.git
Verify the repository owner and pin a trusted commit or release before using it in sensitive automation.
If a saved plan file is modified or comes from an untrusted source, it could change what actions an agent later executes.
Saved task plans are persistent instructions and parameters that may later be loaded and executed. This is disclosed and purpose-aligned, but users should treat saved plans as trusted inputs.
Plan Persistence: Save and load plans in JSON format
Only load plans from trusted locations, review loaded plans before execution, and avoid storing secrets directly in plan parameters or results.
