Project Management System
v1.6.1A comprehensive project management system for AI agents. Manage projects from initiation to delivery with structured workflows, templates, quality gates, and...
⭐ 0· 55·0 current·0 all-time
byDon Li@don068589
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (project management) matches the included docs, templates, and role/process guidance. The skill does not request unrelated binaries, environment variables, or external credentials. The two included scripts (tools/dashboard.py, tools/system-check.py) are consistent with the governance/content that references automated scans and checks.
Instruction Scope
SKILL.md and the docs instruct the agent to read and write files under project directories (e.g. /path/to/projects-data/ and system/), to follow pre-write checks, and (optionally) to run the included Python tools for scans/health checks. The instructions do not ask for secrets or external endpoints. Because the agent will be directed to perform local filesystem operations and may be told to run included scripts, you should verify those scripts' behavior before runtime (they may run git operations or mutate files per governance docs).
Install Mechanism
There is no install spec (instruction-only). Two Python tool files are bundled but not auto-installed from external sources; this is lower risk than downloading code at install time. The repository does reference 'clawhub install' / 'openclaw skills install' but no external archive URLs or package downloads are present.
Credentials
The skill declares no required environment variables, no primary credential, no required binaries, and no required config paths. That aligns with its stated offline/project-management purpose.
Persistence & Privilege
always is false and the skill is user-invocable; autonomous invocation is allowed (the platform default) but there is no declaration of forcing permanent presence or modifying other skills. The docs do describe scripts that may auto-scan or auto-apply fixes, and changing 'system/' files is said to require Decision Maker approval — review the scripts to confirm they respect that process.
Assessment
This package appears coherent for project-management: no unexpected credentials or third-party installers are required. However, before installing or enabling autonomous invocation, do the following: 1) Inspect the two bundled Python scripts (tools/dashboard.py and tools/system-check.py) to confirm they do not perform unexpected network calls, exfiltrate data, or run destructive system commands; 2) If you plan to let the skill write or execute code, run it in a restricted/sandboxed environment and ensure it cannot access sensitive host paths; 3) Confirm any automatic git/commit behavior is acceptable — governance docs reference committing snapshots; verify the scripts won't commit secrets; 4) If you cannot review the code yourself, do not enable autonomous invocation or permit the skill to run tools that modify system files. If you want, provide the contents of tools/dashboard.py and tools/system-check.py and I will analyze them for risky behavior.Like a lobster shell, security has layers — review code before you run it.
latestvk978tkpx6313p3qzxwn3y09yah83wmzx
License
MIT-0
Free to use, modify, and redistribute. No attribution required.