ClawHub

PlanSuite

v0.2.1

Create, finalize, and execute detailed project plans with sub-plans, checkpoints, progress tracking, and change control across sessions using file-based work...

2· 1.5k·1 current·1 all-time
by@double729·duplicate of @double729/plansuite
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The SKILL.md describes a local file-based planning and execution workflow (task_plan.md, progress.md, findings.md). All instructions (create templates, freeze status, update progress/findings, use isolated sessions) align with that purpose. However, the package metadata is incomplete: there is no description/homepage/source, and _meta.json values (ownerId, version, publishedAt) don't match the registry metadata (ownerId and version differ). These metadata inconsistencies are administrative issues that don't change functionality but reduce trust.
Instruction Scope
Runtime instructions are narrowly scoped: create/maintain three files in the current working directory, follow a freeze/execute/change-control workflow, and optionally spawn an isolated session (SKILL.md references 'sessions_spawn'). The skill does not instruct reading unrelated system files, accessing environment variables, or contacting external endpoints. The only behavioral effect is file creation and modification in the current working directory (explicitly required by the workflow).
Install Mechanism
No install spec and no code files — the skill is instruction-only. There is nothing to download or execute, so there is low install risk.
Credentials
The skill requests no environment variables, no credentials, and no config paths. That is proportionate to a local planning workflow. Note: because it writes files in the current working directory, it can overwrite local files if run in a sensitive folder — the SKILL.md does advise creating/using these files but does not warn about overwriting existing unrelated files.
Persistence & Privilege
The skill is not set to always:true and does not ask to persist credentials or modify other skills/system-wide settings. It suggests using 'sessions_spawn' to create isolated sessions, which is a runtime behavior but not inherently privileged. Autonomous invocation (disable-model-invocation: false) is the platform default and expected.
Assessment
This skill is largely safe and consistent: it only creates and maintains three local files to manage plans and execution checkpoints and asks for no credentials. Before installing/using it: 1) verify the source/owner (registry metadata lacks description and homepage and _meta.json metadata doesn't match the registry owner/version), 2) run it from a dedicated project directory (to avoid accidental overwrites of unrelated files), 3) confirm what 'sessions_spawn' does on your platform (it suggests creating an isolated execution session — check its privileges), and 4) if you need provenance, ask the publisher for a homepage or repo. If those checks are satisfactory, the skill's behavior is coherent with its purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk9720vderg8w98nnj7zpafw6x980j42z

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments