Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Plane Project Manager

v1.0.1

Use Plane project management tool via API to create/update issues, track progress, and manage agent tasks. Reads ~/.config/plane/credentials.json (PLANE_URL,...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill claims to manage Plane via its API and the instructions show curl/jq calls against a local Plane deployment and a credentials file (~/.config/plane/credentials.json). That capability is consistent with the name/description. However, the package contains conflicting metadata: the top-level registry summary lists no required config paths / primary credential, while the included _meta.json and SKILL.md explicitly require ~/.config/plane/credentials.json with PLANE_URL/PLANE_EMAIL/PLANE_PASSWORD/PLANE_API_TOKEN. This mismatch is an integrity issue and should be reconciled.
Instruction Scope
SKILL.md gives explicit curl-based API flows (login, use cookies, query states, create/update issues/pages) limited to localhost endpoints — consistent with its purpose. Concerns: (1) example shows plaintext credentials and a concrete example email/password embedded in the docs, (2) there are small inconsistencies in example endpoints/ports (e.g., sign-up uses port 8880 while most calls use 8888), and (3) cookie handling relies on brittle shell parsing (grep/awk of csrftoken). While these are expected for a CLI-based integration, the embedded credentials and documentation inconsistencies raise hygiene and safety concerns.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk. It relies on curl/jq being available (declared). Nothing is downloaded or written by the package itself.
Credentials
The skill legitimately needs Plane credentials, but the registry metadata presented to the evaluator is inconsistent (it initially claimed no required config paths or primary credential, yet _meta.json and SKILL.md require ~/.config/plane/credentials.json and list PLANE_URL/PLANE_EMAIL/PLANE_PASSWORD/PLANE_API_TOKEN). Requiring a credentials file is proportional, but the instruction to store a plaintext password in that file is poor practice. Also the package includes sample real-looking credentials in the docs which could be confusing or accidentally reused.
Persistence & Privilege
The skill is not always-enabled and has no install-time persistence. It does instruct use of a local credentials file and /tmp cookie file for session state, which is expected for this integration. The skill does not request system-wide modifications or elevated privileges in its instructions.
What to consider before installing
What to check before installing:
- Metadata mismatch: confirm which metadata is authoritative — the registry summary or the included _meta.json/SKILL.md. The skill clearly expects ~/.config/plane/credentials.json; if the registry UI doesn't show that requirement, ask the publisher to fix it.
- Do NOT reuse real/high-privilege credentials shown in examples. The SKILL.md contains an example email and plaintext password — treat those as accidental/example values and do not paste them into a production account.
- Prefer API tokens over plaintext passwords: follow the doc's recommendation to generate a token and remove plaintext passwords from the credentials file. Use a low-permission account or scoped token for agent access.
- Run in an isolated environment: because the skill reads a credentials file and talks to an HTTP endpoint, test it in a sandbox or VM with a local Plane instance and a dedicated account before granting access to real systems.
- Validate endpoints: the docs use localhost and a specific port (mostly 8888). Ensure the skill will only call your intended Plane instance and not network endpoints you don't control.
- Ask the maintainer to: (1) remove embedded example secrets from docs, (2) fix inconsistent metadata (requiredConfigPaths/primaryCredential), and (3) remove port inconsistencies and fragile cookie-parsing examples or replace them with robust token-based flows.

Given the above, the package is not obviously malicious, but the metadata inconsistencies and poor secret-handling practices justify manual review and remediation before use.


latest: vk97859yjt18e9vf5vqzh2hj2nn84gwve


Runtime requirements

Clawdis: Any
bin: curl, jq
