Personaldatahub

What to consider before installing this skill: - Confirm source and trust: The skill's homepage points to a GitHub repo; review that repo and its history before installing. The package will build and may start a local server and create local credentials. - Expect writes and processes: The SKILL.md install steps run pnpm build and npx pdh init/start, which will write config and credentials under ~/.pdh and start a background HTTP service on localhost. If you do not want services started or files written to your home directory, do not run the install commands. - Environment/credentials mismatch: Although the registry lists no required env vars, the code reads PDH_HUB_URL and PDH_API_KEY and ~/.pdh/credentials.json. If you install, verify where API keys and hub URLs are stored and who can read them. - Secret leakage risk: The plugin logs auto-created API keys (api.logger.info). If you allow auto-creation, the key may be emitted to agent logs. Consider rotating/deleting any auto-created key or inspecting logs for exposure. - Install in a sandbox first: Because the install uses pnpm at a parent path (cd ../../) and starts a server, run the install and server inside a container, VM, or isolated environment to confirm behavior before adding it to a production/local agent. - Verify 'cd ../../' intent: The install line's cd ../../ is unusual (it moves out of the plugin directory) — ask the author why this is necessary and whether the command should be run from a particular repository layout. - Prefer explicit configuration: Instead of relying on auto-discovery/auto-creation, consider configuring hubUrl and apiKey explicitly (or set environment variables) so you control where credentials are created and stored. If you want more assurance, ask the maintainer for a detailed install guide, a signed release, or run a code review of the npx pdh package and the repo's build artifacts before enabling the skill in your agent.