Task Panner Validator for Agents

Provides secure task planning, validation, approval, and execution for AI agents with safety checks, rollback, dry runs, and error handling using pure Python.

This package looks like a legitimate pure-Python task planner. Before installing/using it: 1) Review the included Python files (task_planner.py, examples) yourself — the planner delegates real work to the executor you provide, so that executor can perform arbitrary actions (APIs, DBs, shell, file deletion). 2) Do not enable auto_approve=True or run untrusted plans with execution privileges on production systems. 3) Watch for hard-coded example paths (e.g., /home/claude) and any plan steps that reference sensitive system paths (/etc, /sys, C:\Windows) or destructive actions. 4) If you clone the upstream repo, confirm the GitHub source and commits; the skill's registry metadata lists an unknown owner and no homepage. 5) Run tests and examples in an isolated sandbox first, and only grant credentials/host access that are strictly necessary to any executor you wire up.

Type: OpenClaw Skill Name: task-panner-validator Version: 0.1.0 The skill bundle is classified as suspicious due to a critical vulnerability in `task_planner.py`. The `SafetyValidator`'s `validate_step` method, when a dangerous operation is detected and `safety_check` is explicitly set to `True` for that step, only issues a warning but still returns `is_safe=True`. This allows the `approve_plan` method to successfully approve the plan (as `is_valid` remains `True`), and subsequently, the `execute_plan` method proceeds to execute the dangerous step. This design flaw effectively bypasses the intended blocking mechanism for dangerous operations, allowing them to be executed with only a warning, which could be exploited by an agent to perform unauthorized or harmful actions. No direct evidence of intentional malicious code or prompt injection attempts was found in the files.