← 返回 Skills 市场

PMP-Agentclaw

Name: PMP-Agentclaw
Author: cyberneticsplus

作者 CyberneticsPlus · GitHub ↗ · v1.0.3

cross-platform ⚠ suspicious

732

总下载

当前安装

版本数

在 OpenClaw 中安装

/install pmp-agentclaw

功能描述

AI project management assistant for planning, tracking, and managing projects using industry-standard methodologies. Use when asked to plan projects, track s...

安全使用建议

This skill appears to implement the advertised project-management features and does not request credentials or perform external network calls. Things to check before installing: - Verify source/repository: the package.json points to a GitHub URL but the registry metadata shows Source: unknown and Homepage: none. If possible, inspect the repository on GitHub (or obtain the author’s repository) and confirm it matches the package contents. - Clarify the SKILL.md 'install' metadata: SKILL.md contains an install entry (kind: download) but no download URL or install spec was provided in the registry — ask the publisher whether an external installer is required. Prefer building/installing from the code you reviewed rather than permitting an automatic remote download. - Run locally in an isolated environment first: build (npm install / npm run build) and run the CLI commands locally (node dist/cli/*) to confirm behavior. This also prevents any surprise network activity from an unreviewed installer. - Be cautious when supplying file or directory paths to the CLI (--file or projectDir): the CLI will read those files to compute EVM/risks/health — don't point it at system directories or credentials. Only provide project files you intend to analyze. - If you need higher assurance, review the omitted source files (remaining core/health implementation) and run the code through static scanners locally. Because no scan findings were detected in the provided metadata, that absence is not a guarantee — local verification is recommended. Overall: coherent and proportionate for a PM assistant, with a small metadata/install inconsistency to resolve and a general recommendation to verify the GitHub source and install from the reviewed code in a sandboxed environment.

功能分析

Type: OpenClaw Skill Name: pmp-agentclaw Version: 1.0.3 The skill bundle provides legitimate project management functionalities, including CLI tools for earned value management, risk scoring, velocity tracking, and project health checks. It is classified as 'suspicious' due to the inherent risk of file system access in `dist/cli/health-check.js` and `dist/cli/score-risks.js`. These tools can read user-specified directories or JSON files, which, if misused by an AI agent or a malicious user, could lead to unauthorized exposure of file existence, metadata, or content (for JSON files). While this capability is plausibly needed for the skill's stated purpose, it represents a vulnerability in how the AI agent might interpret or be prompted to use these functions, rather than intentional malice within the skill's code itself. No evidence of data exfiltration, persistence, or other malicious intent was found.

能力评估

✓ Purpose & Capability

The name/description (project management: EVM, risk scoring, velocity, health checks, WBS, Gantt, RACI) align with the included source, compiled dist files, templates, and CLI commands. The only oddity: SKILL.md frontmatter includes an 'install' entry (id: pmp-agent-install, kind: download) but the registry metadata/install specifications shown to me do not include a download URL or install spec — the package itself contains code and local templates and requires only Node. This is likely a documentation metadata mismatch rather than a capability problem.

✓ Instruction Scope

Runtime instructions (SKILL.md) direct the agent to follow 15 PM rules and to load templates/configs from the skill directory ({baseDir}/configs, {baseDir}/templates). The CLI code reads files the user expressly provides (--file) and resolves a project directory for health checks; there are no instructions to read unrelated system files, environment secrets, or to phone home. Behavior stays within the project-management domain.

ℹ Install Mechanism

The package is primarily instruction + included code (dist/ compiled JS present). There is no registry install spec that downloads arbitrary code at runtime. The SKILL.md contains an 'install' metadata item that claims a download install (kind: download) but no download URL or external host is present in the repo or files examined. That inconsistency should be clarified (documentation mismatch) but there is no evidence of a high-risk remote installer or obfuscated download.

✓ Credentials

The skill requests no environment variables or credentials and the code doesn't reference external secrets or cloud credentials. CLI tools accept file paths and project-dir inputs (user-specified), which is expected for a PM utility. No disproportionate secret access is requested.

✓ Persistence & Privilege

Metadata flags: always=false (not force-included), disable-model-invocation=false (normal), user-invocable=true. The skill does not request elevated or persistent system privileges and does not modify other skills' configs. Autonomous invocation is allowed by default on the platform but this skill does not combine that with other high-risk behaviors.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install pmp-agentclaw
安装完成后，直接呼叫该 Skill 的名称或使用 /pmp-agentclaw 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.3

- Added package-lock.json for dependency tracking. - Updated rule instructions: WBS and Gantt chart generation now reference only templates, not CLI commands. - Rule 14: Health check command updated from `npx pmp-agent health-check` to `npx pmp-agentclaw health-check`. - No functional code or behavioral changes; documentation and config improvements only.

v1.0.2

- Simplified all project management rules for clarity and beginner accessibility. - Rewrote guidance on cost, schedule, and risk tracking with plain-language formulas and color-coded alerts. - Revised the RACI, stakeholder communication, and change control processes for easier real-world use. - Added new templates and config files for communications, stakeholder analysis, change requests, and common PM tasks. - Ensured every rule and guideline is actionable with clear steps and examples. - No changes were made to underlying calculations or TypeScript API usage.

v1.0.0

- Initial release of pmp-agentclaw, an AI project management assistant. - Supports planning, tracking, and management for predictive (waterfall), adaptive (agile), and hybrid project methodologies. - Automates creation of project charters, work breakdown structures, Gantt schedules, risk registers, RACI matrices, and status reports. - Provides tools for earned value management, sprint ceremonies, stakeholder management, and formal change control. - Enforces 15 rules to ensure adherence to industry-standard project management practices. - Includes TypeScript API for EVM, risk scoring, and velocity calculations.

元数据

Slug pmp-agentclaw

版本 1.0.3

许可证 —

累计安装 0

当前安装数 0

历史版本数 3

常见问题

PMP-Agentclaw 是什么？

AI project management assistant for planning, tracking, and managing projects using industry-standard methodologies. Use when asked to plan projects, track s... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 732 次。

如何安装 PMP-Agentclaw？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install pmp-agentclaw」即可一键安装，无需额外配置。

PMP-Agentclaw 是免费的吗？

是的，PMP-Agentclaw 完全免费（开源免费），可自由下载、安装和使用。

PMP-Agentclaw 支持哪些平台？

PMP-Agentclaw 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 PMP-Agentclaw？

由 CyberneticsPlus（@cyberneticsplus）开发并维护，当前版本 v1.0.3。