Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Planning with files

v2.34.0

Implements Manus-style file-based planning to organize and track progress on complex tasks. Creates task_plan.md, findings.md, and progress.md. Use when aske...

by Ahmad Othman Ammar Adi. @othmanadi
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The declared purpose (Manus-style file-based planning and session recovery) aligns with included templates and scripts that create/maintain task_plan.md, findings.md, and progress.md. However, the SKILL.md and scripts assume tools/environments (git, python, powershell) and env vars (CLAUDE_PLUGIN_ROOT, CODEX_* variables) that are not declared in the registry metadata, which is an incoherence worth noting.
! Instruction Scope
Runtime hooks and SKILL.md instruct the agent to read/write project files and to run session-catchup.py. session-catchup.py scans agent session stores (~/.claude/projects and ~/.codex/sessions or CODEX_SESSIONS_DIR) and parses past session JSONL files to surface 'unsynced context' — this legitimately supports recovery but also causes the skill to read broad historical session data that may contain unrelated or sensitive information. Hooks also recommend running git diff --stat and execute shell/powershell commands automatically (UserPromptSubmit, PreToolUse, PostToolUse, Stop), increasing the scope of file/system reads.
Install Mechanism
No network downloads or install steps are declared (instruction-only install). All code files are packaged with the skill (scripts and templates) and will be executed from the plugin directory; no external install mechanism or remote fetch was found.
! Credentials
The skill does not declare required env vars but uses several at runtime: CLAUDE_PLUGIN_ROOT (path to scripts/templates), CODEX_THREAD_ID and CODEX_SESSIONS_DIR (to locate past sessions), and falls back to HOME/USERPROFILE. It also expects Python and optionally orjson, and suggests running git and powershell. Requesting or reading these env values and session stores is functionally explainable for session recovery, but the access is broader than the simple 'planning files' description and is not declared.
Persistence & Privilege
The skill is not force-installed (always:false). It defines hooks that will run commands automatically when invoked (UserPromptSubmit, PreToolUse, PostToolUse, Stop), which is normal for a skill but means it will execute local scripts (e.g., check-complete.sh) on stop. No evidence it modifies other skills or system-wide configs.
What to consider before installing
Before installing, review and consider the following:
- The skill will run included scripts (session-catchup.py, init-session.sh, check-complete.sh) that read local agent session stores (~/.claude and ~/.codex) and may surface content from past sessions. If those session files contain sensitive data, that content could be exposed to the agent when the skill runs.
- The SKILL.md and scripts assume runtime tools and env vars (python, git, powershell, CLAUDE_PLUGIN_ROOT, CODEX_THREAD_ID, CODEX_SESSIONS_DIR) that are not declared in the registry metadata; confirm you are comfortable with these implicit dependencies.
- If you only want simple planning files, consider removing or editing session-catchup.py or disabling hooks that scan home session directories, or run the skill in a sandboxed/isolated project where past session logs are not present.
- Audit the included scripts locally (they are packaged with the skill) to verify they do not read or transmit secrets, and test on a throwaway project first.
- If you have low tolerance for the skill reading historical agent sessions or running git/powershell, do not install or ask the author to provide a variant without session-scanning behavior.

Like a lobster shell, security has layers — review code before you run it.
