ClawHub

PCO CLI - Planning Center Services

v1.0.0

CLI tool for managing Planning Center Services data including plans, teams, songs, and scheduled people via the PCO Services API.

1· 1.7k·0 current·0 all-time
by@rubyrunsstuff
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md documents a PCO CLI (commands, auth flow, repo URL) which is coherent with the name, but the skill bundle contains no code or install spec. It assumes a local repository path (/Users/ruby/Projects/pco-cli/pco.ts) and that 'tsx' is available. A user installing this skill would not get a runnable CLI from the skill itself — the skill only documents how to run a locally present tool. That mismatch (claims to provide CLI usage but doesn't include or install the tool) is a coherence problem.
!
Instruction Scope
Instructions explicitly reference absolute local paths and a local config file (~/.config/pco-cli/config.json) and show commands (pco auth status, pco auth setup) that will read or write local credential files. The SKILL.md therefore instructs actions that touch user-local files and credentials, but the skill metadata does not declare those files or any required credentials. This could cause an agent to access secrets on disk if it follows these instructions.
Install Mechanism
There is no install specification (instruction-only). That is low-risk from an automatic-install perspective, but it also explains why the SKILL.md points at an external local repo rather than providing an install — which is a usability/coherence issue rather than an installation risk.
Credentials
The skill declares no required environment variables or primary credential, yet the instructions refer to credentials stored in ~/.config/pco-cli/config.json and an interactive 'pco auth setup' flow. Requesting no declared credentials while instructing access to a local credential store is proportionally odd and should be clarified: a legitimate PCO CLI needs API credentials (Planning Center access token/secret), but the skill does not state where they come from or whether the agent should access them.
Persistence & Privilege
The skill does not request always: true and has no install actions that would persist or modify other skills or system-wide settings. There is no evidence it demands elevated persistence or cross-skill configuration changes.
What to consider before installing
This skill is an instruction-only doc for running a local PCO CLI — it does not provide the CLI or an install method. Before installing or enabling it: (1) confirm you (or the agent environment) actually have the referenced repository and tsx available at the specified path; (2) locate ~/.config/pco-cli/config.json and verify what credentials it contains — the agent's following these instructions could read that file; (3) prefer a skill that declares required credentials (or includes an install) so you know what is needed and what will be accessed; (4) if you don't have the repo or don't want an agent to access local credential files, do not enable this skill. If you want this functionality, ask the skill author to include an install spec, document required env vars, or avoid hard-coded local paths.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d31794w3gy9sywek5za06x17yv0nk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments