← 返回 Skills 市场
vaguilera-jinko

Plane.so

作者 vaguilera-jinko · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
2082
总下载
2
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install plane
功能描述
Manage Plane.so projects and work items using the `plane` CLI. List projects, create/update/search issues, manage cycles and modules, add comments, and assign members.
安全使用建议
This skill appears to do what it says (manage Plane.so via the plane CLI), but take these precautions before installing: 1) Confirm the publisher/repo (https://github.com/JinkoLLC/plane-skill) is trustworthy and review the script at the raw URL — downloading and executing it will run arbitrary code on your machine. 2) Prefer an official release or package for the plane CLI if one exists instead of a raw script. 3) Provide PLANE_API_KEY with the minimum necessary permissions and keep it secret. 4) Ask the publisher to fix the registry metadata mismatch (it should declare the required binary and env vars) so the package manifest is consistent. 5) If you must install, inspect the downloaded file contents and consider running it in a safe environment first (e.g., container or VM).
功能分析
Type: OpenClaw Skill Name: plane Version: 1.0.0 The skill is classified as suspicious due to its installation method, which involves downloading and executing an external script (`plane`) from a raw GitHub URL (`https://raw.githubusercontent.com/JinkoLLC/plane-skill/main/scripts/plane`) via `curl` and `chmod +x` as specified in `SKILL.md`. This introduces a supply chain risk, as the content of the downloaded script is not part of the skill bundle and could be altered remotely without a version change, potentially leading to arbitrary code execution. While the provided files do not contain explicit malicious intent or prompt injection attempts, this remote execution capability is a significant security risk.
能力评估
Purpose & Capability
The skill is described as a Plane.so CLI integrator and the SKILL.md requests the plane CLI plus PLANE_API_KEY and PLANE_WORKSPACE — these are appropriate and expected for the stated purpose. However, the registry-level metadata (provided with the skill) lists no required binaries or env vars while the SKILL.md metadata declares both — this inconsistency is unexplained and could be a packaging error.
Instruction Scope
Runtime instructions are limited to installing the plane CLI, setting PLANE_API_KEY and PLANE_WORKSPACE, and running plane commands (listing projects/issues, creating/updating issues, comments, cycles, etc.). The SKILL.md does not instruct reading unrelated files, harvesting other environment variables, or sending data to unexpected external endpoints.
Install Mechanism
The SKILL.md (and its embedded metadata) instructs downloading a script from raw.githubusercontent.com and placing it in ~/.local/bin which will be executed. Downloading and executing arbitrary scripts from a GitHub user repository is common but carries risk — the script can contain arbitrary code. The host (raw.githubusercontent.com) is a normal release host, but you should inspect the script and prefer an official published release if available.
Credentials
The only required env vars in the SKILL.md are PLANE_API_KEY and PLANE_WORKSPACE, which are proportional to the functionality. However the registry metadata (earlier in the bundle) lists no required env vars — that mismatch between declared requirements and the SKILL.md should be resolved by the publisher.
Persistence & Privilege
The skill does not request always: true and does not claim system-wide privileges. Installation writes a CLI into the user's ~/.local/bin (user-level) which is normal for CLI tools. Autonomous invocation of the skill by the agent is allowed (platform default) but not an additional privilege in this bundle.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install plane
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /plane 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: Plane.so CLI for managing projects, work items, cycles, modules, and comments.
元数据
Slug plane
版本 1.0.0
许可证
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Plane.so 是什么?

Manage Plane.so projects and work items using the `plane` CLI. List projects, create/update/search issues, manage cycles and modules, add comments, and assign members. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2082 次。

如何安装 Plane.so?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install plane」即可一键安装,无需额外配置。

Plane.so 是免费的吗?

是的,Plane.so 完全免费(开源免费),可自由下载、安装和使用。

Plane.so 支持哪些平台?

Plane.so 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Plane.so?

由 vaguilera-jinko(@vaguilera-jinko)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论