PlanSuite

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Users relying on provenance should know the embedded metadata appears stale or inconsistent.

Why it was flagged

The package-internal metadata differs from the supplied registry metadata, which lists a different owner ID and version 0.1.3. Because the skill has no installer or code, this is a provenance note rather than a behavior concern.

Skill content

"ownerId": "local-author", "slug": "plansuite", "version": "0.1.0"

Recommendation

If publisher identity or exact version provenance matters, verify the package source before installing.

What this means

Project details may remain in local Markdown files and be used as context in later work.

Why it was flagged

The skill deliberately stores task plans, progress, findings, decisions, commands, and rollback steps in persistent local files so they can be reused across sessions.

Skill content

Do not write these three documents into the chat: write them to files, so the work can be restored/resumed.

Recommendation

Keep the generated files in the intended project directory, avoid writing secrets into them, and review them before resuming a task.

What this means

A separate execution session may receive plan context and perform implementation steps under the user-approved plan.

Why it was flagged

The workflow may delegate execution to a separate session. This is disclosed and purpose-aligned, but it creates a context boundary users should understand.

Skill content

It is recommended to use `sessions_spawn` to open an isolated execution session (to avoid polluting the main session's context).

Recommendation

Only spawn an execution session after reviewing the finalized plan, and review the spawned session's proposed changes and results.