ClawHub

Executing Plans

v0.1.0

Use when you have a written implementation plan to execute in a separate session with review checkpoints

7· 5.3k·104 current·111 all-time
by@chenleiyanquan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description match the instructions: load a plan, execute tasks in batches with checkpoints. However, the SKILL.md references artifacts/skills (TodoWrite, superpowers:finishing-a-development-branch) that are not declared in the metadata as dependencies, which is an omission and reduces clarity.
!
Instruction Scope
Runtime instructions tell the agent to 'Read plan file' and 'Follow each step exactly' but do not constrain which file(s) to read or what kinds of commands may appear in the plan. That gives the agent broad discretion to access files and execute actions described by the plan; this is expected functionally, but the lack of limits and the reference to undefined sub-skills (TodoWrite, finishing-a-development-branch) are under-specified and could lead to unintended file reads or executions.
Install Mechanism
Instruction-only skill with no install spec or code files — lowest install risk.
Credentials
No environment variables, credentials, or config paths are requested — the skill does not ask for secrets or unrelated access.
Persistence & Privilege
always:false (normal). The skill instructs use of other skills and to 'announce' messages, but it does not request persistent system-wide privileges. Still, because it directs execution of arbitrary plan steps, verify that agent autonomy and checkpoint enforcement are configured to require human confirmation where you expect it.
What to consider before installing
This skill is an instruction-only helper for executing a user-provided plan; that is coherent with its name. However: 1) The instructions are deliberately broad — the agent will read whatever plan file you provide and will 'follow each step exactly', so do not give it plans that contain destructive or sensitive commands unless you fully trust the agent. 2) The SKILL.md references artifacts and a REQUIRED sub-skill (TodoWrite and superpowers:finishing-a-development-branch) that are not listed in metadata — confirm those sub-skills exist and are trustworthy before installing. 3) Confirm how your agent enforces the 'checkpoints' — ensure it will actually pause for human review rather than proceeding autonomously. If you need stricter bounds, ask the skill author to: specify expected plan file locations/formats, declare required sub-skills, and require explicit human confirmation steps in the metadata or instructions.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bfm7vd4d4nv1qz8nqxfer5d8023k2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments