along-plan

Pass

Audited by ClawScan on May 10, 2026.

Overview

This is a coherent planning-only skill that mainly restricts the agent to reading and analysis, with a disclosed plan-file write and restricted shell-command use.

This skill appears safe for read-only planning and code analysis. Before using it, note that it can still read project files and run documented read-only shell commands, and it will write a plan file under docs/ or doc/. Avoid using it to display secrets, tokens, or unnecessary environment details.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could inspect local files or environment details during planning, and network GET commands could contact external sites if the user asks for that.

Why it was flagged

The skill permits a restricted set of shell commands, including environment display and network GET requests. This is disclosed and mostly read-only, but users should understand that shell output can still reveal sensitive local context if used carelessly.

Skill content

These command prefixes are allowed in plan mode: ... `env`, `printenv` ... `curl` (GET requests) ... `wget -O -` (output to stdout only)

Recommendation

Use it in trusted workspaces, avoid asking it to print secrets or full environment variables, and keep shell use limited to the documented read-only analysis tasks.