orangon

along-plan

Author: Along · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 90
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install along-plan
Description
Read-only exploration and planning skill for safe code analysis. This skill should be used when the user asks to enter plan mode, analyze before changing, cr...
Usage instructions (SKILL.md)

Along Plan

Explore

  • Only use read, grep, glob, bash (bash restricted to safe commands — see references/safe-commands.md)
  • Do NOT use edit or write, except to save the plan document (see below)

Output the plan under an exact Plan: header:

Plan:
1. Step one
2. Step two
3. Step three

Then save it to docs/plan-<topic>.md or doc/plan-<topic>.md (whichever exists) using write:

# Plan: <topic>

## TODO
- [ ] 1. Step one
- [ ] 2. Step two

## Acceptance Criteria
- Observable outcome that confirms the plan succeeded
- Edge cases or constraints that must hold
  • references/safe-commands.md — bash allowlist/blocklist for plan mode
Security usage recommendations
This skill is mostly coherent for a read-only planning phase, but it explicitly permits commands that can reveal environment variables, git config values, process lists, and network GETs. These capabilities can leak secrets or sensitive metadata if misused. Before installing or enabling: 1) Confirm your execution environment policy (does the agent actually get access to run env/printenv and curl?), 2) Restrict or require explicit user approval for commands that print environment variables or perform network requests, 3) Consider removing or tightening 'env/printenv' and network access from the allowlist if you don't need them, and 4) Ensure the platform enforces the declared read-only constraints (no redirections, no destructive commands). If you need stronger assurance, ask the skill author to document exactly when and why env/network reads are necessary or to remove those permissions.
Functional analysis
Type: OpenClaw Skill
Name: along-plan
Version: 1.0.0
The skill bundle defines a 'Plan Mode' that purports to be read-only but includes high-risk commands in its 'safe' allowlist within `references/safe-commands.md`, specifically `env`, `printenv`, `curl`, and `wget`. While the instructions in `SKILL.md` focus on safe exploration, the inclusion of these tools allows an agent to access sensitive environment variables and exfiltrate data to external endpoints via GET requests. This configuration presents a significant security risk by providing the necessary primitives for data exfiltration under the guise of a restricted planning environment.
Capability assessment
Purpose & Capability
Name and description match the instructions: the skill is instruction-only and intended for read-only exploration and producing a plan. Allowing saving the plan to docs/plan-<topic>.md is consistent with the stated purpose.
Instruction Scope
The SKILL.md explicitly allows commands that reveal sensitive runtime state: 'env' / 'printenv', 'git config --get', process and system info (ps, top), and network reads via 'curl' and 'wget -O -'. While these can be legitimate for context when planning, they broaden what the agent will be allowed to read. The safe-command decision rule says 'when unsure: do NOT run the command', but the allowlist still grants the ability to run commands that could expose secrets.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest-risk installation surface.
Credentials
The skill declares no required environment variables, but the allowed commands include reading the environment (env/printenv) and other config (git config --get). That mismatch means the skill can access sensitive environment information even though it lists no credentials — this is proportionally broad for a 'read-only planning' skill and could expose secrets.
Persistence & Privilege
always:false and normal model invocation; the skill does not request persistent or cross-skill privileges. It does permit writing the plan document to docs/plan-<topic>.md which aligns with its purpose and is a limited write action.
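How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install along-plan
  3. Once installation completes, invoke the skill by name or trigger it with /along-plan
  4. Provide the required input according to the skill's parameter description to get structured output
Version history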
v1.0.0
along-plan v1.0.0 released
- Introduces a read-only planning phase for safe code analysis.
- Enforces exploration using only non-destructive tools (`read`, `grep`, `glob`, safe `bash` as per allowlist).
- Produces a numbered plan under a `Plan:` header.
- Saves the plan to a Markdown file with checklist steps and acceptance criteria.
- Uses `[DONE:n]` markers to track step completion during execution.
Metadata
Slug along-plan
Version 1.0.0
License MIT-0
Total installs 0
Current installs 0
Version count 1
FAQ

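What is along-plan?

Read-only exploration and planning skill for safe code analysis. This skill should be used when the user asks to enter plan mode, analyze before changing, cr... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 90 total downloads so far.

How do I install along-plan?

Run the command "/install along-plan" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is required.

Is along-plan free?

Yes, along-plan is completely free and is released under the MIT-0 license; it can be freely downloaded, installed and used.

Which platforms does along-plan support?

along-plan is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed along-plan?

Developed and maintained by Along (@orangon); the current version is v1.0.0.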
