← Back to Skills Marketplace
Plane.so
by
vaguilera-jinko
· GitHub ↗
· v1.0.0
2082
Downloads
2
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install plane
Description
Manage Plane.so projects and work items using the `plane` CLI. List projects, create/update/search issues, manage cycles and modules, add comments, and assign members.
Usage Guidance
This skill appears to do what it says (manage Plane.so via the plane CLI), but take these precautions before installing: 1) Confirm the publisher/repo (https://github.com/JinkoLLC/plane-skill) is trustworthy and review the script at the raw URL — downloading and executing it will run arbitrary code on your machine. 2) Prefer an official release or package for the plane CLI if one exists instead of a raw script. 3) Provide PLANE_API_KEY with the minimum necessary permissions and keep it secret. 4) Ask the publisher to fix the registry metadata mismatch (it should declare the required binary and env vars) so the package manifest is consistent. 5) If you must install, inspect the downloaded file contents and consider running it in a safe environment first (e.g., container or VM).
Capability Analysis
Type: OpenClaw Skill
Name: plane
Version: 1.0.0
The skill is classified as suspicious due to its installation method, which involves downloading and executing an external script (`plane`) from a raw GitHub URL (`https://raw.githubusercontent.com/JinkoLLC/plane-skill/main/scripts/plane`) via `curl` and `chmod +x` as specified in `SKILL.md`. This introduces a supply chain risk, as the content of the downloaded script is not part of the skill bundle and could be altered remotely without a version change, potentially leading to arbitrary code execution. While the provided files do not contain explicit malicious intent or prompt injection attempts, this remote execution capability is a significant security risk.
Capability Assessment
Purpose & Capability
The skill is described as a Plane.so CLI integrator and the SKILL.md requests the plane CLI plus PLANE_API_KEY and PLANE_WORKSPACE — these are appropriate and expected for the stated purpose. However, the registry-level metadata (provided with the skill) lists no required binaries or env vars while the SKILL.md metadata declares both — this inconsistency is unexplained and could be a packaging error.
Instruction Scope
Runtime instructions are limited to installing the plane CLI, setting PLANE_API_KEY and PLANE_WORKSPACE, and running plane commands (listing projects/issues, creating/updating issues, comments, cycles, etc.). The SKILL.md does not instruct reading unrelated files, harvesting other environment variables, or sending data to unexpected external endpoints.
Install Mechanism
The SKILL.md (and its embedded metadata) instructs downloading a script from raw.githubusercontent.com and placing it in ~/.local/bin which will be executed. Downloading and executing arbitrary scripts from a GitHub user repository is common but carries risk — the script can contain arbitrary code. The host (raw.githubusercontent.com) is a normal release host, but you should inspect the script and prefer an official published release if available.
Credentials
The only required env vars in the SKILL.md are PLANE_API_KEY and PLANE_WORKSPACE, which are proportional to the functionality. However the registry metadata (earlier in the bundle) lists no required env vars — that mismatch between declared requirements and the SKILL.md should be resolved by the publisher.
Persistence & Privilege
The skill does not request always: true and does not claim system-wide privileges. Installation writes a CLI into the user's ~/.local/bin (user-level) which is normal for CLI tools. Autonomous invocation of the skill by the agent is allowed (platform default) but not an additional privilege in this bundle.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install plane - After installation, invoke the skill by name or use
/plane - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: Plane.so CLI for managing projects, work items, cycles, modules, and comments.
Metadata
Frequently Asked Questions
What is Plane.so?
Manage Plane.so projects and work items using the `plane` CLI. List projects, create/update/search issues, manage cycles and modules, add comments, and assign members. It is an AI Agent Skill for Claude Code / OpenClaw, with 2082 downloads so far.
How do I install Plane.so?
Run "/install plane" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Plane.so free?
Yes, Plane.so is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Plane.so support?
Plane.so is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Plane.so?
It is built and maintained by vaguilera-jinko (@vaguilera-jinko); the current version is v1.0.0.
More Skills