Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Planka

v0.1.12

Manage Planka (Kanban) projects, boards, lists, cards, and notifications via a custom Python CLI.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description match the SKILL.md: it wraps plankapy via a planka-cli binary and documents commands to manage projects, boards, lists, cards, and notifications. Requiring the planka-cli binary is proportional to the described purpose.
Instruction Scope
Instructions are narrowly scoped to installing and using planka-cli, but they recommend passing passwords on the command line (e.g., --password secret), which is an insecure practice (the value is visible in process listings and shell history). The SKILL.md also documents a login command that has the CLI store credentials; you should confirm how and where credentials are stored and whether they are encrypted.
Install Mechanism
The skill is instruction-only (no install spec), so nothing is written by the skill itself. SKILL.md suggests installing from a third-party Homebrew tap (voydz/homebrew-tap). That tap is not an official source; installing from untrusted taps carries supply-chain risk. The doc also mentions pipx/source installs (Python 3.11+), which are a safer alternative if you verify the package source.
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportional for a CLI wrapper which relies on a local binary and user-provided Planka credentials.
Persistence & Privilege
The skill does not request always:true and makes no persistent system configuration changes itself (instruction-only). It does instruct the user to 'login' via the CLI which will store credentials locally—this is expected behavior for a client but worth auditing for storage security.
Assessment
This skill appears to be what it claims, but take these precautions before installing or using it:
1) Verify the planka-cli source code or repository before installing—prefer installing from a vetted source (pipx from PyPI or an official GitHub release) rather than an unknown Homebrew tap.
2) Avoid passing plain passwords on the command line (use interactive prompts, environment variables, or token-based auth if supported).
3) Check where planka-cli stores credentials and whether it encrypts them (inspect config files and their filesystem permissions).
4) Ensure you use HTTPS endpoints for your Planka instance.
5) If you are unsure about trust, install and run the CLI inside an isolated environment (VM or container) and audit network activity while using it.

Like a lobster shell, security has layers — review code before you run it.

latest vk97brx1zykfepx7d4s8hgreybd80hxpf

Runtime requirements

📋 Clawdis
Bins: planka-cli
