← Back to Skills Marketplace
777
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install task-panner-validator
Description
Provides secure task planning, validation, approval, and execution for AI agents with safety checks, rollback, dry runs, and error handling using pure Python.
Usage Guidance
This package looks like a legitimate pure-Python task planner. Before installing/using it: 1) Review the included Python files (task_planner.py, examples) yourself — the planner delegates real work to the executor you provide, so that executor can perform arbitrary actions (APIs, DBs, shell, file deletion). 2) Do not enable auto_approve=True or run untrusted plans with execution privileges on production systems. 3) Watch for hard-coded example paths (e.g., /home/claude) and any plan steps that reference sensitive system paths (/etc, /sys, C:\Windows) or destructive actions. 4) If you clone the upstream repo, confirm the GitHub source and commits; the skill's registry metadata lists an unknown owner and no homepage. 5) Run tests and examples in an isolated sandbox first, and only grant credentials/host access that are strictly necessary to any executor you wire up.
Capability Analysis
Type: OpenClaw Skill
Name: task-panner-validator
Version: 0.1.0
The skill bundle is classified as suspicious due to a critical vulnerability in `task_planner.py`. The `SafetyValidator`'s `validate_step` method, when a dangerous operation is detected and `safety_check` is explicitly set to `True` for that step, only issues a warning but still returns `is_safe=True`. This allows the `approve_plan` method to successfully approve the plan (as `is_valid` remains `True`), and subsequently, the `execute_plan` method proceeds to execute the dangerous step. This design flaw effectively bypasses the intended blocking mechanism for dangerous operations, allowing them to be executed with only a warning, which could be exploited by an agent to perform unauthorized or harmful actions. No direct evidence of intentional malicious code or prompt injection attempts was found in the files.
Capability Assessment
Purpose & Capability
Name/description (task planning, validation, rollback, dry-run) matches the provided files (task_planner.py, API.md, examples). There are no unrelated required environment variables or binaries.
Instruction Scope
SKILL.md instructs cloning the repo, running tests/examples, and wiring a user-provided executor that may perform API calls, file operations, or shell actions. That is expected for a planner library, but the runtime behavior depends entirely on the executor code and step definitions (which can include destructive file operations). The README and examples explicitly show dangerous operations (delete_files, backup) and saving plans to filesystem paths (including a hard-coded /home/claude path in examples) — the skill itself does not automatically execute those, but an agent using it could if given permissions.
Install Mechanism
No install spec is provided (instruction-only). The SKILL.md recommends git cloning a GitHub repository; no third-party binaries or opaque downloads are requested. Code files are included in the package, so there is no hidden installer or external arbitrary code download required by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. The documentation mentions API orchestration patterns that will require service credentials only when you implement your executor — these are not requested by the skill itself.
Persistence & Privilege
always is false and the skill does not request permanent platform-level privileges. It persists plans to disk via its save/load API (expected for the purpose) but does not modify other skills or global agent configuration.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install task-panner-validator - After installation, invoke the skill by name or use
/task-panner-validator - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial public release with robust Python-native task planning and validation.
- Introduces a step-by-step task management system using only the Python standard library.
- Supports defining custom execution logic via executor functions.
- Includes plan validation, manual or automatic approval, and safe/dry-run execution modes.
- Detects and warns about dangerous actions with built-in safety validation.
- Allows plan persistence (save/load) and provides execution summaries and error handling.
- Features guidance for common use cases, best practices, and advanced automation options.
Metadata
Frequently Asked Questions
What is Task Panner Validator for Agents?
Provides secure task planning, validation, approval, and execution for AI agents with safety checks, rollback, dry runs, and error handling using pure Python. It is an AI Agent Skill for Claude Code / OpenClaw, with 777 downloads so far.
How do I install Task Panner Validator for Agents?
Run "/install task-panner-validator" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Task Panner Validator for Agents free?
Yes, Task Panner Validator for Agents is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Task Panner Validator for Agents support?
Task Panner Validator for Agents is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Task Panner Validator for Agents?
It is built and maintained by cerbug45 (@cerbug45); the current version is v0.1.0.
More Skills