← Back to Skills Marketplace
90
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install along-plan
Description
Read-only exploration and planning skill for safe code analysis. This skill should be used when the user asks to enter plan mode, analyze before changing, cr...
README (SKILL.md)
Along Plan
Explore
- Only use
read,grep,glob,bash(bash restricted to safe commands — seereferences/safe-commands.md) - Do NOT use
editorwrite, except to save the plan document (see below)
Output the plan under an exact Plan: header:
Plan:
1. Step one
2. Step two
3. Step three
Then save it to docs/plan-\x3Ctopic>.md or doc/plan-\x3Ctopic>.md(whichever exists) using write:
# Plan: \x3Ctopic>
## TODO
- [ ] 1. Step one
- [ ] 2. Step two
## Acceptance Criteria
- Observable outcome that confirms the plan succeeded
- Edge cases or constraints that must hold
references/safe-commands.md— bash allowlist/blocklist for plan mode
Usage Guidance
This skill is mostly coherent for a read-only planning phase, but it explicitly permits commands that can reveal environment variables, git config values, process lists, and network GETs. These capabilities can leak secrets or sensitive metadata if misused. Before installing or enabling: 1) Confirm your execution environment policy (does the agent actually get access to run env/printenv and curl?), 2) Restrict or require explicit user approval for commands that print environment variables or perform network requests, 3) Consider removing or tightening 'env/printenv' and network access from the allowlist if you don't need them, and 4) Ensure the platform enforces the declared read-only constraints (no redirections, no destructive commands). If you need stronger assurance, ask the skill author to document exactly when and why env/network reads are necessary or to remove those permissions.
Capability Analysis
Type: OpenClaw Skill
Name: along-plan
Version: 1.0.0
The skill bundle defines a 'Plan Mode' that purports to be read-only but includes high-risk commands in its 'safe' allowlist within `references/safe-commands.md`, specifically `env`, `printenv`, `curl`, and `wget`. While the instructions in `SKILL.md` focus on safe exploration, the inclusion of these tools allows an agent to access sensitive environment variables and exfiltrate data to external endpoints via GET requests. This configuration presents a significant security risk by providing the necessary primitives for data exfiltration under the guise of a restricted planning environment.
Capability Assessment
Purpose & Capability
Name and description match the instructions: the skill is instruction-only and intended for read-only exploration and producing a plan. Allowing saving the plan to docs/plan-<topic>.md is consistent with the stated purpose.
Instruction Scope
The SKILL.md explicitly allows commands that reveal sensitive runtime state: 'env' / 'printenv', 'git config --get', process and system info (ps, top), and network reads via 'curl' and 'wget -O -'. While these can be legitimate for context when planning, they broaden what the agent will be allowed to read. The safe-command decision rule says 'when unsure: do NOT run the command', but the allowlist still grants the ability to run commands that could expose secrets.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest-risk installation surface.
Credentials
The skill declares no required environment variables, but the allowed commands include reading the environment (env/printenv) and other config (git config --get). That mismatch means the skill can access sensitive environment information even though it lists no credentials — this is proportionally broad for a 'read-only planning' skill and could expose secrets.
Persistence & Privilege
always:false and normal model invocation; the skill does not request persistent or cross-skill privileges. It does permit writing the plan document to docs/plan-<topic>.md which aligns with its purpose and is a limited write action.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install along-plan - After installation, invoke the skill by name or use
/along-plan - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
along-plan v1.0.0 released
- Introduces a read-only planning phase for safe code analysis.
- Enforces exploration using only non-destructive tools (`read`, `grep`, `glob`, safe `bash` as per allowlist).
- Produces a numbered plan under a `Plan:` header.
- Saves the plan to a Markdown file with checklist steps and acceptance criteria.
- Uses `[DONE:n]` markers to track step completion during execution.
Metadata
Frequently Asked Questions
What is along-plan?
Read-only exploration and planning skill for safe code analysis. This skill should be used when the user asks to enter plan mode, analyze before changing, cr... It is an AI Agent Skill for Claude Code / OpenClaw, with 90 downloads so far.
How do I install along-plan?
Run "/install along-plan" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is along-plan free?
Yes, along-plan is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does along-plan support?
along-plan is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created along-plan?
It is built and maintained by Along (@orangon); the current version is v1.0.0.
More Skills