← Back to Skills Marketplace
grewingm

Plutio

by GrewingM · GitHub ↗ · v1.0.1
cross-platform ⚠ suspicious
392
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install plutio
Description
Manage Plutio projects and tasks. Use when you need to create, update, close, or query tasks and projects in Plutio (task/project management platform). Suppo...
Usage Guidance
This skill appears to be a real Plutio API client (code + docs match the stated purpose), but there is a clear metadata omission: the registry doesn't declare the required Plutio credentials even though the code and docs require them. Before installing: - Treat the skill as requiring your Plutio App Key/Client Secret; only provide those to this skill if you trust the source/author. The package owner is unknown — verify the origin. - Prefer the documented secure options (Bitwarden or OS credential manager) rather than adding credentials to shell profiles, scheduled-task scripts, or plain-text files. - Inspect the included script (scripts/plutio-cli.py) yourself (it is present) or run it in a sandboxed environment first. The script caches tokens to ~/.config/plutio/token.json; ensure you are comfortable with that path and its permissions. - Confirm network endpoints: the code uses api.plutio.com OAuth and API endpoints (expected). If you observe different remote endpoints in the code, do not proceed. - Ensure Python3 and the requests library are available in the runtime; the script does not include dependency installation steps. - If you need stronger assurance, request the publisher to update registry metadata to declare required env vars (PLUTIO_APP_KEY, PLUTIO_SECRET, PLUTIO_SUBDOMAIN) and provide provenance for the skill (homepage, owner identity) or run a code review/audit prior to granting credentials.
Capability Analysis
Type: OpenClaw Skill Name: plutio Version: 1.0.1 The skill is designed for legitimate Plutio API interaction. The primary concern is the `scripts/plutio-cli.py` script's acceptance of sensitive API credentials (`--app-key`, `--secret`) directly as command-line arguments. This practice, also demonstrated in `SKILL.md`, `references/examples.md`, and `references/powershell-workflows.md`, is a vulnerability as it can expose credentials in process lists, shell history, or logs. While `references/setup-guide.md` provides good security advice on credential storage, the CLI's design still presents this risk. There is no evidence of intentional malicious behavior, data exfiltration to unauthorized endpoints, or prompt injection attempts to subvert the agent's core function.
Capability Assessment
Purpose & Capability
The name/description, SKILL.md, references, and the included Python CLI all consistently implement a Plutio project/task management client — that aligns with the stated purpose. However, the registry metadata declares no required environment variables or primary credential while the code and docs clearly require a Plutio App Key (client id) and Secret (client secret) to operate. That metadata omission is an incoherence: the skill will not function without credentials yet does not declare them in the registry.
Instruction Scope
Runtime instructions and examples are narrowly scoped to Plutio API actions (list/create/update/close tasks, list people, etc.). The skill caches OAuth tokens locally (~1 hour) and the docs instruct how to configure credentials via environment variables, Bitwarden, or OpenClaw auto-configuration. Example workflows show optional integrations (e.g., sending Matrix notifications) and scheduling via Task Scheduler; those are user-driven and outside the core API client but are clearly documented. There is no instruction to read unrelated system files or exfiltrate data, but some examples show storing credentials in scheduled scripts or shell profiles which can be insecure if the user follows them blindly.
Install Mechanism
This is instruction-only plus a single Python script; there is no install spec that downloads remote code. The script expects Python3 and the requests library but does not attempt to install arbitrary third-party packages from unknown URLs. No high-risk download/extract steps are present.
Credentials
The skill needs sensitive credentials (Plutio App Key / Client Secret) to operate — the SKILL.md and setup docs explicitly show environment variables and CLI arguments for these secrets. Yet the skill metadata lists no required env vars or primary credential. Additionally, some documented configuration options (adding creds to shell profile, Windows scheduled task scripts) encourage storing secrets in plain text; the docs do recommend Bitwarden as most secure, but the presence of insecure examples increases risk if users follow them.
Persistence & Privilege
The skill does create a local token cache under ~/.config/plutio/token.json and restricts permissions (chmod 600) in the code. always:false and no cross-skill config modifications are present. There is no claim of persistent system-wide privileges beyond the token cache and normal file writes within the user's home directory.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install plutio
  3. After installation, invoke the skill by name or use /plutio
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
FIXED: Tasks now require taskBoardId and taskGroupId to appear in Plutio UI. Updated create-task command and documentation. Removed unsupported projectId parameter.
v1.0.0
Initial release: OAuth 2.0 v1.11 API integration with list/create projects and tasks, PowerShell 7 support, comprehensive setup guides
Metadata
Slug plutio
Version 1.0.1
License
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Plutio?

Manage Plutio projects and tasks. Use when you need to create, update, close, or query tasks and projects in Plutio (task/project management platform). Suppo... It is an AI Agent Skill for Claude Code / OpenClaw, with 392 downloads so far.

How do I install Plutio?

Run "/install plutio" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Plutio free?

Yes, Plutio is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Plutio support?

Plutio is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Plutio?

It is built and maintained by GrewingM (@grewingm); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments