Plan Mode

The name, description, and SKILL.md consistently describe a read-first planning stance (clarify → plan → approve → execute) and the allowed actions (reads, listing, searching) match that purpose. No unrelated credentials, binaries, or installs are requested.

The runtime instructions explicitly limit the agent to read-only exploration until user approval, and specify what to do in each lens. The included references mention a 'toolbox audit' (scan installed skills, search ClawHub/GitHub) — which implies potential external registry or network lookups and checks of installed skills. This is reasonable for avoiding reinventing functionality, but it could cause the agent to perform network queries or inspect installed-skill metadata unless the runtime restricts that. The SKILL.md does not instruct any destructive actions prior to approval.

Instruction-only skill with no install spec and no code files — nothing is written to disk by an installer. Low install risk.

No environment variables, credentials, or config paths are required. The skill's needs are proportional to its planning purpose.

The skill supports creating 'living' plan files but explicitly requires explicit user approval before persisting. It is not always-on. Autonomous invocation is allowed (platform default) but not combined with other concerning privileges in this skill.