ClawHub

hplan

v1.1.0

Hierarchical persistent planning for complex multi-phase tasks. Use when the user asks to plan, break down, or execute a task involving multiple steps, deliv...

5· 86·0 current·0 all-time
byNoire@noirewinter
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (hierarchical persistent planning) aligns with the instructions: creating a .plan/ workspace, per-phase specs/checklists, and using OpenClaw memory for cross-session continuity. There are no unrelated env vars, binaries, or installs requested.
Instruction Scope
The instructions require reading and writing files under the current workspace (.plan/*) and explicitly call platform memory functions (memory_search and saving short summaries). This matches the stated purpose, but two behaviors merit attention: (1) the skill instructs silently deleting the entire .plan/ directory if all phases are complete (this deletion happens without explicit user confirmation), and (2) it writes persistent summaries to long-term memory which may capture sensitive or private plan contents if not sanitized.
Install Mechanism
No install spec and no code files — instruction-only — so nothing is downloaded or executed on install. This is the lowest-risk install model.
Credentials
The skill requests no environment variables or external credentials, which is appropriate. It does, however, direct writes to the workspace file system and to the agent's long-term memory; while these are platform features (not external credentials), they are persistent storage locations and can retain user data across sessions, so users should avoid storing secrets in plan content.
Persistence & Privilege
always:false and no system-wide modifications — normal. The skill's persistence is limited to the current workspace (.plan/) and writing short entries to OpenClaw memory. Because the agent can be invoked autonomously by default, the combination of autonomous invocation + automated memory writes could persist plan summaries without repeated explicit consent; consider whether that's acceptable.
Assessment
This skill appears to do what it says: it will create and maintain a .plan/ directory in whatever workspace it runs in and write short summaries to the agent's long-term memory. Before installing or enabling it: (1) review the templates and .plan/ contents so you know what gets written to disk; (2) do not include secrets or private credentials in plan text — memory entries are persisted across sessions; (3) consider modifying the workflow to ask the user before deleting the .plan/ directory (the SKILL.md currently instructs a silent delete when all phases are complete); (4) test the skill in an isolated or throwaway workspace first to confirm behavior you’re comfortable with; and (5) if you need stricter control, require the agent to prompt for explicit user confirmation before saving to long-term memory or deleting files.

Like a lobster shell, security has layers — review code before you run it.

latestvk9786rdm1d9edt9ejkqqejbz3x84mnax

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📋 Clawdis

Comments