ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Planka

v0.1.12

Manage Planka (Kanban) projects, boards, lists, cards, and notifications via a custom Python CLI.

1· 2.1k·4 current·4 all-time
by@voydz
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the SKILL.md: it wraps plankapy via a planka-cli binary and documents commands to manage projects, boards, lists, cards, and notifications. Requiring the planka-cli binary is proportional to the described purpose.
!
Instruction Scope
Instructions are narrowly scoped to installing and using planka-cli, but they recommend passing passwords on the command line (e.g., --password secret) which is an insecure practice (visible in process listings and shells). The SKILL.md also tells the CLI to store credentials with a login command — you should confirm how/where credentials are stored and whether they are encrypted.
Install Mechanism
The skill is instruction-only (no install spec), so nothing is written by the skill itself. SKILL.md suggests installing from a third‑party Homebrew tap (voydz/homebrew-tap). That tap is not an official source; installing from untrusted taps carries supply-chain risk. The doc also mentions pipx/source installs (Python 3.11+) which is a safer alternative if you verify the package source.
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportional for a CLI wrapper which relies on a local binary and user-provided Planka credentials.
Persistence & Privilege
The skill does not request always:true and makes no persistent system configuration changes itself (instruction-only). It does instruct the user to 'login' via the CLI which will store credentials locally—this is expected behavior for a client but worth auditing for storage security.
Assessment
This skill appears to be what it claims, but take these precautions before installing or using it: 1) Verify the planka-cli source code or repository before installing—prefer installing from a vetted source (pipx from PyPI or an official GitHub release) rather than an unknown Homebrew tap. 2) Avoid passing plain passwords on the command line (use interactive prompts, environment variables, or token-based auth if supported). 3) Check where planka-cli stores credentials and whether it encrypts them (inspect config files and their filesystem permissions). 4) Ensure you use HTTPS endpoints for your Planka instance. 5) If you are unsure about trust, install and run the CLI inside an isolated environment (VM or container) and audit network activity while using it.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

📋 Clawdis
Binsplanka-cli
latestvk97brx1zykfepx7d4s8hgreybd80hxpf
2.1kdownloads
1stars
2versions
Updated 7h ago
v0.1.12
MIT-0
@voydz
latest
Download

Planka CLI

This skill provides a CLI wrapper around the plankapy library to interact with a Planka instance.

Setup

  1. Install via Homebrew tap:

    brew tap voydz/homebrew-tap
brew install planka-cli

    Source/pipx installs require Python 3.11+ to use plankapy v2.

  2. Configuration: Use the login command to store credentials:

    planka-cli login --url https://planka.example --username alice --password secret
# or: python3 scripts/planka_cli.py login --url https://planka.example --username alice --password secret

Usage

Run the CLI with the installed planka-cli binary:

# Show help
planka-cli

# Check connection
planka-cli status

# Login to planka instance
planka-cli login --url https://planka.example --username alice --password secret

# Remove stored credentials
planka-cli logout

# List Projects
planka-cli projects list

# List Boards (optionally by project ID)
planka-cli boards list [PROJECT_ID]

# List Lists in a Board
planka-cli lists list <BOARD_ID>

# List Cards in a List
planka-cli cards list <LIST_ID>

# Show a Card (includes attachments with URLs and comment text)
planka-cli cards show <CARD_ID>

# Create a Card
planka-cli cards create <LIST_ID> "Card title"

# Update a Card
planka-cli cards update <CARD_ID> --name "New title"
planka-cli cards update <CARD_ID> --list-id <LIST_ID>
planka-cli cards update <CARD_ID> --list-id <LIST_ID> --position top

# Delete a Card
planka-cli cards delete <CARD_ID>

# Notifications
planka-cli notifications all
planka-cli notifications unread

Examples

List all boards:

planka-cli boards list

Show cards in list ID 1619901252164912136:

planka-cli cards list 1619901252164912136

Show card details for card ID 1619901252164912137:

planka-cli cards show 1619901252164912137

Create a card in list ID 1619901252164912136:

planka-cli cards create 1619901252164912136 "Ship CLI"

Move a card to another list:

planka-cli cards update 1619901252164912137 --list-id 1619901252164912136

Move a card to another list and pin it to the top:

planka-cli cards update 1619901252164912137 --list-id 1619901252164912136 --position top

Mark a card done by updating its name:

planka-cli cards update 1619901252164912137 --name "Done: Ship CLI"

Comments

Loading comments...