PlanSuite
Pass
Audited by ClawScan on May 1, 2026.
Overview
PlanSuite appears to be a benign planning workflow that creates local progress files and may use a separate execution session, with no evidence of malicious behavior.
This skill is reasonable to install if you want file-based project planning. Before use, verify the package identity because the included metadata differs from the registry listing, and avoid storing secrets in task_plan.md, progress.md, or findings.md.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill behavior itself looks coherent, but the package identity metadata is not fully consistent.
The included metadata differs from the supplied registry metadata, which lists a different owner/slug/version. This is a provenance inconsistency, though there is no code or install step shown.
"ownerId": "local-author", "slug": "plansuite", "version": "0.1.0"
Verify that this is the intended package and publisher before installing, especially if relying on registry identity or versioning.
Local plan files may contain decisions, commands, risks, or project context that future sessions will rely on.
The skill intentionally stores task plans, progress, and findings in files so later sessions can resume from them.
Do not write these three documents into the chat: write them to files, so that work can be recovered/resumed.
Keep these files in the intended project directory, review them before resuming work, and avoid putting secrets or sensitive credentials in them.
Work may be continued by a separate session, so users should understand what context and tools that session receives.
The skill recommends opening a separate execution session, which may transfer plan context and execution authority into another session.
It is recommended to use `sessions_spawn` to open an isolated execution session (to avoid polluting the main session's context).
Confirm the plan is finalized, review what will be passed to the execution session, and keep user approval in the loop for impactful actions.
