Plugin v0.1.1

ClawScan security

OpenClaw Workflow Planner · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 21, 2026, 9:11 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code, instructions, and requirements are consistent with a local workflow planner that persists a single WORKFLOW_PLAN.md file and provides planning actions; nothing in the package asks for unrelated credentials or network access.
Guidance
This package appears to do what it claims: manage ideas, plans, tasks, and a single WORKFLOW_PLAN.md source of truth. Before installing:
1) Confirm pluginConfig.plannerFilePath is set to a safe project path (leave the default WORKFLOW_PLAN.md or another project file) and not to system or sensitive files.
2) Ensure the agent process does not run with excessive privileges (avoid root) so file writes cannot overwrite system data.
3) Review the bundled SKILL.md files (research and implementer) if you want to confirm there are no additional behaviors you don't expect.
4) If you plan to allow autonomous agent invocation, be aware the skill can read and update the configured planner file without further prompts — restrict pluginConfig and agent permissions accordingly.

Review Dimensions

Purpose & Capability
ok · Name/description match the code and SKILL.md: the package implements a planner that builds plans, tasks, and implementation briefs and persists state to WORKFLOW_PLAN.md. No unrelated environment variables, binaries, or external services are requested.
Instruction Scope
note · Runtime instructions and code stick to planning responsibilities (idea creation, research attach, design/plan lifecycle, task operations, generating implementation briefs). The plugin reads and writes a single planner file (default ./WORKFLOW_PLAN.md) and exposes a pluginConfig override, plannerFilePath — this is expected, but it means the plugin can read/write whichever filesystem path the agent process (and the provided pluginConfig) permits. Review pluginConfig values and file path permissions before use.
Install Mechanism
ok · No remote download/install spec; code is bundled. There are no brew/npm installs or external URLs to pull arbitrary code from in the install step.
Credentials
ok · The package declares no required env vars or credentials. The code uses only local Node APIs (fs, path, crypto). No secret-exposing environment access was requested or observed.
Persistence & Privilege
note · The skill persists and updates a local file (WORKFLOW_PLAN.md) and uses lock/temp files during saves. It does not request always:true. Because it can be configured to point at any filesystem path via pluginConfig, ensure it is not pointed at sensitive system files and that the agent process runs with appropriate filesystem permissions (avoid running as root). Autonomous invocation is allowed by default (normal for skills); consider whether you want the agent to be allowed to run the planner autonomously in your environment.